Secure Coding mailing list archives
Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading
From: andre at operations.net (Andre Gironda)
Date: Sat, 1 Dec 2007 21:48:45 -0700
On Nov 29, 2007 5:13 PM, Andy Steingruebl <steingra at gmail.com> wrote:
> I like contractual approaches to this problem myself. People buying large quantities of software (large enterprises, governments) should get contracts with vendors that specify money-back for each patch they have to apply where the root cause is of a given type. For example, I get money back every time the vendor has a vulnerability and patch related to a buffer overflow. I wrote a small piece about this: http://securityretentive.blogspot.com/2007/09/buffer-overflows-are-like-hospital.html
If you read Geekonomics, you'll find out why this may never happen. Because of existing software contracts, this is impossible today. David Rice dedicates chapter five to a discussion on this, but it is also sprinkled throughout the book.

Cheers,
Andre