RE: Cost to fix bugs pre-production

["Glyn" <glyng () moiler com>]

Sanctum have some analysis in their white-paper for AppScan...

http://www.sanctuminc.com/pdf/AppScan_35_WhitePaperFINAL.pdf

> -----Original Message-----
> From: Mark Curphey [mailto:mark () curphey com] 
> Sent: 26 November 2003 07:01
> To: webappsec () securityfocus com
> Subject: Cost to fix bugs pre-production 
>
>
> A while back I read a research paper that compared some 
> figures for the financial cost of fixing an application 
> security bug when it is in development, pre-production and 
> then finally in production. I have lost the link. Does anyone 
> know of any such papers ?
>
> Has anyone ever seen a study of the cost of fixing a problem 
> occurring from code review against the cost of fixing an 
> issue that got into production and had to be retrofitted ?