Secure Coding mailing list archives

Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading


From: BlueBoar at thievco.com (Blue Boar)
Date: Thu, 29 Nov 2007 18:07:00 -0800

Andy Steingruebl wrote:
> I like contractual approaches to this problem myself.  People buying
> large quantities of software (large enterprises, governments) should
> get contracts with vendors that specify money-back for each patch they
> have to apply where the root cause is of a given type.  For example, I
> get money back every time the vendor has a vulnerability and patch
> related to a buffer overflow.

That changes the incentive to hide security bugs and not patch them or
to slipstream them.

                                                BB
