WebApp Sec mailing list archives
Re: Cost to fix bugs pre-production
From: Gary Gwin <websec () cafesoft com>
Date: Tue, 25 Nov 2003 15:04:27 -0800
Mark, I believe you might be referring to the research done by atstake: "According to SQA (software quality assurance) empirical research, one dollar required to resolve an issue during the design phase grows into 60 to 100 dollars to resolve the same issue after the application has shipped."
http://www.sbq.com/sbq/rosi/sbq_rosi_software_engineering.pdf
http://www.atstake.com/research/reports/acrobat/atstake_app_unequal.pdf

OWASP is acknowledged in the second document.

Gary

--
http://www.cafesoft.com
****************************************************************
*                                                              *
* Cams is a web single sign-on software solution for Apache,   *
* Microsoft IIS, BEA WebLogic, IBM WebSphere, JBoss, Oracle,   *
* and Tomcat web and J2EE application servers.                 *
*                                                              *
****************************************************************

Mark Curphey wrote:
A while back I read a research paper that compared some figures for the financial cost of fixing an application security bug when it is in development, pre-production and then finally in production. I have lost the link. Does anyone know of any such papers? Has anyone ever seen a study of the cost of fixing a problem occurring from code review against the cost of fixing an issue that got into production and had to be retrofitted?