Secure Coding mailing list archives

Re: Application Insecurity --- Who is at Fault?


From: ljknews <ljknews () mac com>
Date: Sun, 10 Apr 2005 22:29:28 +0100

At 10:54 PM -0700 4/8/05, [EMAIL PROTECTED] wrote:

Margus Freudenthal wrote:

Consider the bridge example brought up earlier. If your bridge builder
finished the job but said: "ohh, the bridge isn't secure though. If
someone tries to push it at a certain angle, it will fall".

Ultimately it is a matter of economics. Sometimes releasing something earlier is worth more than the cost of later patches. And managers/customers are aware of it.

Unlike in the world of commercial software, I'm pretty sure you don't see a whole lot of construction contracts which absolve the architect of liability for design flaws.

But there is plenty that leaves those involved an opportunity to litigate
their way out.  Consider Boston's Big Dig.
-- 
Larry Kilgallen





