Secure Coding mailing list archives

Economics of Software Vulnerabilities


From: crispin at novell.com (Crispin Cowan)
Date: Mon, 19 Mar 2007 14:00:09 -0600

Gary McGraw wrote:
> I'm not sure Vista is bombing because of good quality. That certainly would be ironic.
>
> Word on the "way down in the guts" street is that Vista is too many things cobbled together into one big kinda
> functioning mess.

I.e. it is mis-featured, and lacks on some integration. This is a
variation on not having desired features. And there certainly are big
features in Vista that were supposed to be there but aren't (most of
user-land being managed code, relational file system).

It is also infamously late.

So if the resources that were put into the code quality in Vista had
instead been put into features and ship-date, would it do better in the
marketplace?

Sure, that's heretical :) but it just might be true :(

Crispin, now believes that users are fundamentally what holds back security

-- 
Crispin Cowan, Ph.D.               http://crispincowan.com/~crispin/
Director of Software Engineering   http://novell.com
AppArmor Training at CanSec West   http://cansecwest.com/dojoapparmor.html


