Dailydave mailing list archives

Re: Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did


From: Dave Aitel <dave () immunitysec com>
Date: Wed, 04 Feb 2004 10:42:29 -0500

Anton A. Chuvakin wrote:
>
> > This is crap. If you spend your whole life looking for security bugs in
> > your product, then you find them. Continuously. You'll end up finding at
>
> It well might be crap (I personally don't know), but I think his main
> point was:
>
> "Yes, it's faster and cheaper to design security into software than bolt
> it on afterward. But it's even fasterer and cheaperer to build crappy
> software to get the project rolled out immediately, please your boss and
> help the company make its quarterly number. Guess which path most
> organizations will always take."
>
> rather than whatever "6.5 times" numbers comparing before and after QA.
>
> Best,

Yeah, I'm fairly sure his point is unassailable, since there's no way most information security writers would ever say anything even remotely attackable, for fear of being attacked. According to one study (conducted by my turtle "Turtle-I"), it's five times easier to just say what other people are saying than do actual thinking in your own head.

That's why I'm positing that it's actually a lot cheaper to just roll software out, handle the bad PR from occasional fish being caught, and maybe try to lobby congress to make vulnerability disclosure illegal. :>

-dave


_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave

