... in general we close off more bugs than we open nesting security
layers.
1) The only situation in which this may be true is when a small team designs
all the layers, all the way down to the iron. Even in this case there is no
evidence to support the assertion and there are numerous anecdotes that deny
it.
2) People can write code faster than they can find and fix bugs.
3) The number of bugs is in direct proportion to lines of code.
All that said, isn't the point to not create bugs in the first place?
(Unless, of course, you're paid to find them. Low-paid code writers and
high-paid code fixers bring to mind one hand washing the other. See
software contracts for Obamacare connectors.)
Cheers, Scott
P.S. Wouldn't it be more honest to start calling them 'faults' or 'errors'
or 'failures' rather than 'bugs'?
_______________________________________________
langsec-discuss mailing list
langsec-discuss@mail.langsec.org
https://mail.langsec.org/cgi-bin/mailman/listinfo/langsec-discuss