WebApp Sec: Of the three expensive vulnerability scanners

[simon59 () gmx de]

The mentality starting to permeate the sofwtare woprld is not new ; cf '80s
manufacturing total quality management ideas:

fixing errors after deployment costs a lot and has poor results, 
fixing errors in pilot and beta test phase has medium cost and medium effect
fixing errors at development stage has low cost and huge results


Therefore why are the huge software houses therefore producing millions of
lines of buggy code which someone will then have to fix at huge cost?

> Is it cheaper? 
> Are users are only interested in the latest and greatest, not in what
works reliably! 
> Are users prepared to buy buggy code and fix it at their own cost?
> do supply contracts for software, protect the purchaser rather than the
supplier 
> Are exclusion clauses protecting the supplier form prosecution in EULAs
legitimate?
> Can you sue a company for producing code which causes problems and costs?
> Is the legislature to blame?
> Are there efficient laws against writing faulty code?
> Are insurance premiums for companies who buy code from slop shops higher
than the ones for those who ensure that they buy quality products?

> Would you buy a car with no guarantee it will not kill or maim you and
others?

-- 
Geschenkt: 3 Monate GMX ProMail + 3 Top-Spielfilme auf DVD
++ Jetzt kostenlos testen http://www.gmx.net/de/go/mail ++