Secure Coding mailing list archives
Re: Application Insecurity --- Who is at Fault?
From: Margus Freudenthal <margusf () solo ee>
Date: Thu, 07 Apr 2005 14:29:40 +0100
Michael Silk wrote:

> Consider the bridge example brought up earlier. If your bridge builder
> finished the job but said: "ohh, the bridge isn't secure though. If
> someone tries to push it at a certain angle, it will fall".

All bridges have certain limits. There is a difference between a footbridge and a bridge that can be driven over with a tank. The difference is also reflected in cost.

You are advocating always building a "tank" bridge. Which is an understandable attitude - this way you are mostly safe. However, in some cases it is *economically feasible* to just build a simpler bridge and accept the fact that it will break under some conditions.

Ultimately it is a matter of economics. Sometimes releasing something earlier is worth more than the cost of later patches. And managers/customers are aware of it.

--
Margus