Secure Coding mailing list archives

web apps are homogenous?

From: Paco at cigital.com (Paco Hope)
Date: Wed, 24 Feb 2010 10:46:56 -0500


On Feb 23, 2010, at 10:06 AM, Jon McClintock wrote:

This provides a pretty good examination of the costs of patching 
commercial software. Has anyone done a similar analysis for web 
applications? I'd expect the costs to be dramatically lower, given
thant you're typically producing a single patch for a handful of
homogenous systems.


I don't think "webness" conveys any more homogeneity than, say "windowsness" or "linuxness."

What part of being a web application provides homogeneity in a way that makes patching cheaper?

Paco
--
Paco Hope, CISSP - CSSLP
Technical Manager, Cigital, Inc.
http://www.cigital.com/
Software Confidence. Achieved.

Current thread:

seeking hard numbers of bug fixes... Benjamin Tomhave (Feb 22)
- seeking hard numbers of bug fixes... Jeremy Epstein (Feb 22)
  - seeking hard numbers of bug fixes... Jon McClintock (Feb 23)
    - web apps are homogenous? Paco Hope (Feb 24)
    - web apps are homogenous? Jon McClintock (Feb 24)
    - web apps are homogenous? Benjamin Tomhave (Feb 25)
    - web apps are homogenous? Chris Wysopal (Feb 26)
- seeking hard numbers of bug fixes... Wall, Kevin (Feb 22)
  - seeking hard numbers of bug fixes... Benjamin Tomhave (Feb 22)