[Dailydave] Lame studies that people quote as fact that have no basis in reality and still don't prove anything even if they did
From: Dave Aitel (dave immunitysec.com)
Date: Wed Feb 04 2004 - 08:33:19 CST
http://infosecuritymag.techtarget.com/ss/0,295796,sid6_iss306_art550,00.html
"""
Don't get me wrong. Building secure software is a laudable goal. It
boosts productivity and reduces costs. According to one study, it's 6.5
times more expensive to fix a security problem in the implementation
phase than in the design phase of a software rollout. By the time you
get to the maintenance phase, it's 100 times more expensive.
"""
This is crap. If you spend your whole life looking for security bugs in
your product, then you find them. Continuously. You'll end up finding at
least 100 times more than will ever come out in public. So you really
save a lot of money by doing everything in the QA phase, where it belongs.
-dave