WebApp Sec mailing list archives

RE: Cost to fix bugs pre-production


From: Eugene Chuvyrov <EChuvyrov () PDRestoration com>
Date: Tue, 25 Nov 2003 16:41:41 -0500

"Code Complete," a software development classic by Steve McConnell contains
numerous references to business, as well as programming literature on this
particular subject.  His "Rapid Development" most likely will drive the
point home too.

-----Original Message-----
From: Mark Curphey [mailto:mark () curphey com] 
Sent: Tuesday, November 25, 2003 4:01 PM
To: webappsec () securityfocus com
Subject: Cost to fix bugs pre-production 

A while back I read a research paper that compared some figures for the
financial cost of fixing an application security bug when it is in
development, pre-production and then finally in production. I have lost the
link. Does anyone know of any such papers?

Has anyone ever seen a study of the cost of fixing a problem occurring from
code review against the cost of fixing an issue that got into production and
had to be retrofitted?

