Dailydave mailing list archives
RE: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did
From: "Chris Eagle" <cseagle () redshift com>
Date: Wed, 4 Feb 2004 08:34:06 -0800
Dave wrote:
This is crap. If you spend your whole life looking for security bugs in your product, then you find them. Continuously. You'll end up finding at least 100 times more than will ever come out in public. So you really save a lot of money by doing everything in the QA phase, where it belongs.
The quote is a classic software engineering statistic designed to motivate people to do proper requirements analysis and design. They are not talking about cost in incident response terms or damage caused by exploited vulnerabilities, they are talking strictly about the cost of modifying the software after it has been released vice doing it right in the first place.

IE is a good example. It is so poorly designed and so interwoven with the O/S, that small changes today have a huge impact and require significant resources to make sure they didn't break a ton of other stuff when they made the fix. If it was well designed in the first place the theory goes, they would have fewer bugs today (less cost) and the ones they do have today would be easy to fix (less cost).

But of course I am not a big fan of software engineers because none of the ones I know can code worth a damn.

Chris