Code Is Subject To Peer-Review

In the Linux world, source code is aggressively tested by many users. Even development code not intended for mission-critical systems is widely used and tested. Some testers are motivated by a desire to help authors produce the best possible code, and some by the notoriety of finding bugs in code where bugs are rare. (Yes, programmers are really motivated by such things.)

Whatever the motivations, a simple glance at the Linux newsgroups and mailing lists shows the process in action. It's the clearest validation of the Linux development model.

For example, the "crashme" program was written to test the Linux kernel. It torture-tests systems by generating random OS calls (with either valid or invalid data), or even by generating random garbage and trying to execute it as code. No application is supposed to be able to crash the kernel, and if crashme finds a way to do so, it is an affront to the pride of the Linux kernel developers. Such bugs are fixed very quickly.

There is another side effect of having the source code open: it is carefully scrutinized for security problems by a wide variety of people. Security problems are found from time to time, but they are closed as soon as they are found. (If the discoverer doesn't tell others about the problem but instead tries to exploit it, he can do so for only as long as no one notices the break-ins. Once it's noticed, an alert is posted and the fix is soon available, often within hours.)

