Microsoft recently announced that they are making the issue register (i.e., bug tracker) for Internet Explorer public. Yes, there are a few hoops you need to jump through in order to see it, but basically anyone can now see the open bugs around IE. This is a big deal. As Washington Post technology security columnist Brian Krebs has pointed out, Microsoft takes an average of 46 days to patch critical security vulnerabilities (and 135 days for bug fixes in general) while Mozilla takes an average of 23 days to patch similar flaws, with a third of them patched in under 10 days. (There are some caveats to these numbers noted in the articles, but the basic gap is pretty soundly documented.) A recent study [PDF] from Carnegie Mellon found that Open Source projects typically patch security vulnerabilities 60% faster than proprietary vendors. I don’t have the data to prove that this applies to other kinds of bugs as well but it seems logical to infer that it would.
LMS vendors should take note of this data and of Microsoft’s leadership in opening up their database of open issues.
There’s no reason in the world why proprietary vendors of any software can’t open up their bug reports. It’s not like they’re giving away source code. Making the issue register public would give both current and prospective customers more visibility into their responsiveness and rate of product improvement. It also improves the organisation’s focus on these issues, leading them to be more responsive. As any heavy user of an LMS knows, these beasts tend to be laden with glitches (though they are more often usability issues or similar poor design problems than they are code that is “broken” in the strictest sense).
Ken Udas and I recently asked an LMS vendor (who shall remain nameless to protect the guilty) if they would be willing to share this sort of data as part of our project to apply the OpenBRR to evaluating both proprietary and Open Source LMS’s. They turned us down. This is particularly puzzling given that the vendor in question (like several of the smaller proprietary LMS vendors) has a shared source policy. Customers get to see their code and, I assume, their issue tracker as well. If I were in their shoes, I would not only open up the bug tracker to the public, I would tout it as a competitive advantage and dare their competition to do the same.
No matter. The main point is that LMS adopting organisations can and should demand that their vendors or prospective vendors open up this information. If Microsoft can do it, then they can too.
