-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Margus Freudenthal wrote:
Consider the bridge example brought up earlier. If your bridge builder finished the job but said: "ohh, the bridge isn't secure though. If someone tries to push it at a certain angle, it will fall".
Ultimately it is a matter of economics. Sometimes releasing something earlier is worth more than the cost of later patches. And managers/customers are aware of it.
Unlike in the world of commercial software, I'm pretty sure you don't see a whole lot of construction contracts which absolve the architect of liability for design flaws. I think that is at the root of our problems. We know how to write secure software; there's simply precious little economic incentive to do so.
- -- David Talkington [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFCV24Q5FKhdwBLj4sRAoC9AKCb6j5dKOLgFwDMuVa8giSbMvmW2gCfdwn7 QcS6J7NVPFsISzhLoBgQWHM= =0ZSy -----END PGP SIGNATURE-----