DOI: https://doi.org/10.7880/abas.0220914a
The Nebraska Problem in Open Source Software Development
DOI: https://doi.org/10.51094/jxiv.180
Keywords: Open Source, Software Development, Unix Philosophy, Heartbleed, SBOM, Linus's Law
Abstract
In the world of open source built on the Unix philosophy, there are unsung heroic programs in obscure corners that are painstakingly maintained by a single unknown person or a handful of unknown people, mainly for personal reasons. However, if one of these small programs near the bottom rung of the ladder breaks, it can throw our entire modern infrastructure off balance and bring it down. This paper calls this the Nebraska Problem. The real and serious case of the Heartbleed bug shows that “the number of eyeballs” that Linus's Law has so far taken for granted needs to be proactively secured, and that we need to consider complementary measures against risk in advance, such as SBOM.
References
Avram, A. (2016, Mar 24). NPM was broken for 2.5 hours. InfoQ. Retrieved from https://www.infoq.com/news/2016/03/npm/
Collins, K. (2016, Mar 27). How one programmer broke the internet by deleting a tiny piece of code. Quartz. Retrieved from https://qz.com/646467/how-one-programmer-broke-the-internet-by-deleting-a-tiny-piece-of-code/
CVE Details. (2022). ImageMagick: Security vulnerabilities [Security data source]. Retrieved from https://www.cvedetails.com/vulnerability-list/vendor_id-1749/Imagemagick.html
De Raadt, T. (2014). Re: new OpenSSL. openbsd-tech mailing list [Message-ID: 201406051927.s55JRmMb018899 () cvs ! openbsd ! org]. Retrieved from https://marc.info/?l=openbsd-tech&m=140199655122732&w=2
Marquess, S. (2014, Apr 12). Of money, responsibility, and pride. Speeds and Feeds [Blog]. Retrieved from http://veridicalsystems.com/blog/of-money-responsibility-and-pride/index.html
Martin, H. [@marcan42]. (2022, Aug 21, 0:23). So today I filed a trivial GRUB bug (latest version runs out of memory, hardcoded heap size needs a bump). I just realized they haven't fixed *any* bug tracker bugs that weren't typos in the last 5 years. Seriously. I knew they were slow about releases, but wow [Tweet]. Retrieved from https://twitter.com/marcan42/status/1561011127869673478
Munroe, R. (2020?). Dependency. What if? 2 [Webcomic]. Retrieved from https://xkcd.com/2347/
NTIA (National Telecommunications and Information Administration). (2021). Software bill of materials [Guideline]. Retrieved from https://www.ntia.gov/SBOM
Pagliery, J. (2014, Apr 11). Heartbleed bug: What you need to know. CNN Business. Retrieved from https://money.cnn.com/2014/04/09/technology/security/heartbleed-bug/index.html
Raymond, E. S. (2001). The cathedral and the bazaar: Musings on Linux and open source by an accidental revolutionary (Revised ed.). Sebastopol, CA: O'Reilly.
Raymond, E. S. (2004). The art of Unix programming. Boston, MA: Addison-Wesley.
Salus, P. H. (1994). A quarter century of UNIX. Reading, MA: Addison-Wesley.
Schneier, B. (2014, Apr 9). Heartbleed [Blog]. Schneier on Security. Retrieved from https://www.schneier.com/blog/archives/2014/04/heartbleed.html
The Jargon File 4.4.7. (2022). bit rot. Retrieved from http://www.catb.org/jargon/html/B/bit-rot.html
Posted
Submitted: 2022-10-04 05:29:16 UTC
Published: 2022-10-05 23:29:55 UTC
License
Copyright (c) 2022
Masayuki Hatta
![Creative Commons License](http://i.creativecommons.org/l/by/4.0/88x31.png)
This work is licensed under a Creative Commons Attribution 4.0 International License.