funsec mailing list archives
Re: "Perspective: Wresting free from a software straitjacket"
From: Paul Vixie <paul () vix com>
Date: Sat, 02 Dec 2006 16:24:27 +0000
... It is estimated that fixing software security problems in production environments can be more than 100 times more costly than doing so in the development cycle." ... http://news.com.com/2010-1002_3-6139456.html?part=rss&tag=2547-1_3-0-5
Is the "100 times" part really correct? Can you confirm the factor for BIND? 8-)
for F/OSS, the factor is probably more like a million.
It seems to me that you need a holistic viewpoint to reach that factor.
yes.
Distributed patching is fairly cheap for vendors. And it seems that it doesn't matter from an end user perspective if you need to patch 10 or 100 or 1000 bugs per year, as long as the vendor packs as many bug fixes as possible into a single update which is released in a somewhat predictable manner. The step from 0 to 1 can be quite noticeable, though, especially if you didn't plan for patching at all.
some IT shops track all of their interdependencies, and so they don't apply every patch that comes along, and they eschew the jumbo patches altogether.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
Current thread:
- "Perspective: Wresting free from a software straitjacket" Paul Vixie (Dec 01)
- Re: "Perspective: Wresting free from a software straitjacket" Florian Weimer (Dec 02)
- Re: "Perspective: Wresting free from a software straitjacket" Paul Vixie (Dec 02)
- <Possible follow-ups>
- RE: "Perspective: Wresting free from a software straitjacket" Young, Keith (Dec 01)
- RE: "Perspective: Wresting free from a software straitjacket" Nick FitzGerald (Dec 01)
- RE: "Perspective: Wresting free from a software straitjacket" Drsolly (Dec 02)
- RE: "Perspective: Wresting free from a software straitjacket" Rob, grandpa of Ryan, Trevor, Devon & Hannah (Dec 02)
- RE: "Perspective: Wresting free from a software straitjacket" Nick FitzGerald (Dec 01)
- RE: "Perspective: Wresting free from a software straitjacket" Drsolly (Dec 02)
- Re: "Perspective: Wresting free from a software straitjacket" Florian Weimer (Dec 02)
- RE: "Perspective: Wresting free from a software straitjacket" Fergie (Dec 01)
- RE: "Perspective: Wresting free from a software straitjacket" Nick FitzGerald (Dec 04)
- Re: "Perspective: Wresting free from a software straitjacket" Brian Loe (Dec 04)
- RE: "Perspective: Wresting free from a software straitjacket" David Harley (Dec 05)
- Re: "Perspective: Wresting free from a software straitjacket" Nick FitzGerald (Dec 05)
- RE: "Perspective: Wresting free from a software straitjacket" Nick FitzGerald (Dec 04)