Secure Coding mailing list archives

seeking hard numbers of bug fixes...

From: list-spam at secureconsulting.net (Benjamin Tomhave)
Date: Mon, 22 Feb 2010 09:17:09 -0500

Howdy,

This request is a bit time critical as it's supporting a colleague's
upsell up the food chain tomorrow... we're looking for hard research or
numbers that covers the cost to catch bugs in code pre-launch and
post-launch. The notion being that the organization saves itself money
if it does a reasonable amount of QA (and security testing) up front vs
trying to chase things down after they've been identified (and possibly
exploited).

Any help?

Thank you,

-ben

-- 
Benjamin Tomhave, MS, CISSP
tomhave at secureconsulting.net
Blog: http://www.secureconsulting.net/
Twitter: http://twitter.com/falconsview
LI: http://www.linkedin.com/in/btomhave

[ Random Quote: ]
"Imagination is everything. It is the preview of life's coming attractions."
Albert Einstein

Current thread:

seeking hard numbers of bug fixes... Benjamin Tomhave (Feb 22)
- seeking hard numbers of bug fixes... Jeremy Epstein (Feb 22)
  - seeking hard numbers of bug fixes... Jon McClintock (Feb 23)
    - web apps are homogenous? Paco Hope (Feb 24)
    - web apps are homogenous? Jon McClintock (Feb 24)
    - web apps are homogenous? Benjamin Tomhave (Feb 25)
    - web apps are homogenous? Chris Wysopal (Feb 26)
- seeking hard numbers of bug fixes... Wall, Kevin (Feb 22)
  - seeking hard numbers of bug fixes... Benjamin Tomhave (Feb 22)