WebApp Sec mailing list archives
RE: Cost to fix bugs pre-production
From: Eugene Chuvyrov <EChuvyrov () PDRestoration com>
Date: Tue, 25 Nov 2003 16:41:41 -0500
"Code Complete," a software development classic by Steve McConnell contains numerous references to business, as well as programming literature on this particular subject. His "Rapid Development" most likely will drive the point home too. -----Original Message----- From: Mark Curphey [mailto:mark () curphey com] Sent: Tuesday, November 25, 2003 4:01 PM To: webappsec () securityfocus com Subject: Cost to fix bugs pre-production A while back I read a research paper that compared some figures for the financial cost of fixing an application security bug when it is in development, pre-production and then finally in production. I have lost the link. Does anyone know of any such papers ? Has anyone ever seen a study of the cost of fixing a problem occurring from code review against the cost of fixing an issue that got into production and had to be retrofitted ?
Current thread:
- Cost to fix bugs pre-production Mark Curphey (Nov 25)
- Re: Cost to fix bugs pre-production Gary Gwin (Nov 25)
- Re: Cost to fix bugs pre-production Ivan Ristic (Nov 25)
- Re: Cost to fix bugs pre-production Peter Wood (Nov 26)
- RE: Cost to fix bugs pre-production Glyn (Nov 26)
- <Possible follow-ups>
- RE: Cost to fix bugs pre-production Eugene Chuvyrov (Nov 25)