Dailydave mailing list archives

Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did


From: Dave Aitel <dave () immunitysec com>
Date: Wed, 04 Feb 2004 09:33:19 -0500

http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss306_art550,00.html

"""
Don't get me wrong. Building secure software is a laudable goal. It boosts productivity and reduces costs. According to one study, it's 6.5 times more expensive to fix a security problem in the implementation phase than in the design phase of a software rollout. By the time you get to the maintenance phase, it's 100 times more expensive.
"""

This is crap. If you spend your whole life looking for security bugs in your product, then you find them. Continuously. You'll end up finding at least 100 times more than will ever come out in public. So you really save a lot of money by doing everything in the QA phase, where it belongs.


-dave




_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

