Secure Coding mailing list archives
Economics of Software Vulnerabilities
From: mshines at purdue.edu (Michael S Hines)
Date: Tue, 20 Mar 2007 08:55:55 -0400
I'm not sure what your sources are but from what I'm hearing and reading the problem is that there are many missing drivers for what have become standard peripherals that people are used to - and some of the vendors are reluctant to develop new drivers (the driver technology changed in Vista - so all drivers have to be reworked). MP3 players, ePhones, PDA's, etc. have become standard components in many places... and they don't work with Vista - yet (if ever). It's the feature thing.... not that users are shunning security. And, at least to me, it is an indication that M$ did not understand the marketplace or rushed the (incomplete) product to market. There's more than one way to foul up a new product launch. IMHO of course. ----------------------------- Michael S Hines mshines at purdue.edu -----Original Message----- From: sc-l-bounces at securecoding.org [mailto:sc-l-bounces at securecoding.org] On Behalf Of Crispin Cowan Sent: Monday, March 19, 2007 4:00 PM To: Gary McGraw Cc: Ed Reed; sc-l at securecoding.org Subject: Re: [SC-L] Economics of Software Vulnerabilities Gary McGraw wrote:
I'm not sure vista is bombing because of good quality. That certainly
would be ironic.
Word on the "way down in the guts" street is that vista is too many things
cobbled together into one big kinda functioning mess. I.e. it is mis-featured, and lacks on some integration. This is a variation on not having desired features. And there certainly are big features in Vista that were supposed to be there but aren't (most of user-land being managed code, relational file system). It is also infamously late. So if the resources that were put into the code quality in Vista had instead been put into features and ship-date, would it do better in the marketplace? Sure, that's heretical :) but it just might be true :( Crispin, now believes that users are fundamentally what holds back security -- Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/ Director of Software Engineering http://novell.com AppArmor Training at CanSec West http://cansecwest.com/dojoapparmor.html _______________________________________________ Secure Coding mailing list (SC-L) SC-L at securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. _______________________________________________
Current thread:
- Economics of Software Vulnerabilities, (continued)
- Economics of Software Vulnerabilities Arian J. Evans (Mar 21)
- Economics of Software Vulnerabilities Steven M. Christey (Mar 21)
- Economics of Software Vulnerabilities mudge (Mar 21)
- Economics of Software Vulnerabilities Steven M. Christey (Mar 21)
- Economics of Software Vulnerabilities McGovern, James F (HTSC, IT) (Mar 20)
- Economics of Software Vulnerabilities Wall, Kevin (Mar 20)
- Economics of Software Vulnerabilities McGovern, James F (HTSC, IT) (Mar 21)
- Economics of Software Vulnerabilities Steven M. Christey (Mar 21)
- Economics of Software Vulnerabilities security curmudgeon (Mar 23)
- Economics of Software Vulnerabilities Gunnar Peterson (Mar 23)
- Economics of Software Vulnerabilities Michael S Hines (Mar 20)
- Economics of Software Vulnerabilities ljknews (Mar 20)
- Economics of Software Vulnerabilities Crispin Cowan (Mar 19)
- Economics of Software Vulnerabilities McGovern, James F (HTSC, IT) (Mar 27)