Dailydave mailing list archives

Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did


From: "Matt Hargett" <matt () use net>
Date: Wed, 4 Feb 2004 17:01:06 -0800

Blue Boar wrote:

In other words, I think the costs of fixing things after the fact have
gotten so much cheaper that it makes financial sense to go ahead and
allow for that.


Probably true with today's rapid develop/ship/update model of software
sales. I think a lot of these studies dealt with very old systems for
which the original programmers were long gone and you had to pay people
to spend time learning an outdated language and getting up to speed on
code before they could even begin to think about patching a problem.

Gee, kinda like MSRPC? Or the contractors MS hired to pound out Windows ME?
The sooner people realise none of these problems are new, the sooner we can
stop reinventing the wheel and pay attention to what people with more
perspective than us have to say. That's not to say someone couldn't innovate
some brand new approach that only applies to existing technology, but I
haven't seen that happen yet. Even Mythical Man Month talks about Mock
Objects, but refers to them as "Dummy Components".


I also think they were referring more towards cases in which new
functionality needs to be added to existing code, or existing
functionality modified to some significant degree. Vulnerabilities
don't tend to fall into either of these categories.

Are you for real? How do you define vulnerability?

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

