WebApp Sec mailing list archives

Re: Cost to fix bugs pre-production

From: Peter Wood <peterw () firstbase co uk>
Date: Wed, 26 Nov 2003 08:55:18 +0000

I did some research last year on this topic and have these two links:

www.sbq.com - Hoover database (@Stake)

http://www.csds.uidaho.edu/~hummer/index.htm - University of Idaho Hummerproject


regards
Pete

At 21:01 25/11/2003, Mark Curphey wrote:
>A while back I read a research paper that compared some figures for the
>financial cost of fixing an application security bug when it is in
>development, pre-production and then finally in production. I have lost the
>link. Does anyone know of any such papers ?
>
>Has anyone ever seen a study of the cost of fixing a problem occurring from
>code review against the cost of fixing an issue that got into production and
>had to be retrofitted ?

----------------------------------------------------------
Peter Wood
Chief of Operations
First Base Technologies
+44 (0)1273 454525
www.fbtechies.co.uk
www.white-hats.co.uk

Current thread:

Cost to fix bugs pre-production Mark Curphey (Nov 25)
- Re: Cost to fix bugs pre-production Gary Gwin (Nov 25)
- Re: Cost to fix bugs pre-production Ivan Ristic (Nov 25)
- Re: Cost to fix bugs pre-production Peter Wood (Nov 26)
- RE: Cost to fix bugs pre-production Glyn (Nov 26)
- <Possible follow-ups>
- RE: Cost to fix bugs pre-production Eugene Chuvyrov (Nov 25)