Full Disclosure mailing list archives
Re: How many vendors knowingly ship GA product with security vulnerabilities?
From: Valdis.Kletnieks () vt edu
Date: Thu, 04 May 2006 22:17:19 -0400
On Thu, 04 May 2006 18:15:18 PDT, Bill Stout said:
That's an excellent and well thought out reply. Sounds like you have some experience in delivering software.
Not commercial software. However, commercial software ship dates are infinitely flexible compared to "30,000 students are showing up Tuesday and the class registration and housing checking systems *have* to be ready" ;)
It would seem that if a few days buffer were built into the system, specifically to check in security fixes prior to QA; that would be a huge 'CYA' benefit to prevent those 'CLM' moves and to protect the consumers of the software.
Trust me - the original plan usually *starts* with *more* than "a few days buffer". Recommended reading: "The Mythical Man Month" by Fred Brooks - what he learned as the project manager for IBM's OS/360 operating system development, which still ranks as one of the biggest software development projects in history. One of the famous quotes from it: "Adding programmers to late software projects makes them later"....
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- How many vendors knowingly ship GA product with security vulnerabilities? Bill Stout (May 03)
- Re: How many vendors knowingly ship GA product with security vulnerabilities? Valdis . Kletnieks (May 03)
- <Possible follow-ups>
- RE: How many vendors knowingly ship GA product with security vulnerabilities? Bill Stout (May 04)
- Re: How many vendors knowingly ship GA product with security vulnerabilities? Valdis . Kletnieks (May 04)