Secure Coding mailing list archives

Economics of Software Vulnerabilities


From: James.McGovern at thehartford.com (McGovern, James F (HTSC, IT))
Date: Tue, 27 Mar 2007 15:37:06 -0400

May I share another perspective?

1. The debate between open source vs. closed source in terms of security doesn't matter. Does anyone have any metrics 
that quantify the economics of writing better corporate software not for public consumption?

2. If you can't make the economic case, then you can possibly make the case of indexing yourself to others. I know 
folks' opinion here in terms of keeping up with the Joneses, but unless someone brainstorms a way for folks to do this, 
the economic case may never be made.

3. When one looks at metrics and more importantly maturity models, they almost always measure process and tend to avoid 
measuring either people and/or technology. If security folks figure out how to measure people, process and technology 
then additional opportunities for secure coding practices may expose themselves.

