Secure Coding mailing list archives
Economics of Software Vulnerabilities
From: gem at cigital.com (Gary McGraw)
Date: Mon, 19 Mar 2007 16:12:37 -0400
Very interesting. Crispin is in the throes of big software. Anybody want to help me mount a rescue campaign from Jamaica?

gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: Crispin Cowan [mailto:crispin at novell.com]
Sent: Mon Mar 19 16:00:48 2007
To: Gary McGraw
Cc: Ed Reed; sc-l at securecoding.org
Subject: Re: [SC-L] Economics of Software Vulnerabilities

Gary McGraw wrote:
I'm not sure Vista is bombing because of good quality. That certainly would be ironic. Word on the "way down in the guts" street is that Vista is too many things cobbled together into one big kinda functioning mess.
I.e. it is mis-featured, and lacks on some integration. This is a variation on not having desired features. And there certainly are big features in Vista that were supposed to be there but aren't (most of user-land being managed code, relational file system). It is also infamously late.

So if the resources that were put into the code quality in Vista had instead been put into features and ship-date, would it do better in the marketplace?

Sure, that's heretical :) but it just might be true :(

Crispin, now believes that users are fundamentally what holds back security

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
AppArmor Training at CanSec West http://cansecwest.com/dojoapparmor.html
