Very interesting. Crispin is in the throes of big software. Anybody want to help me mount a rescue campaign from Jamaica?
gem

company www.cigital.com
podcast www.cigital.com/silverbullet
blog www.cigital.com/justiceleague
book www.swsec.com

-----Original Message-----
From: Crispin Cowan [mailto:[EMAIL PROTECTED]
Sent: Mon Mar 19 16:00:48 2007
To: Gary McGraw
Cc: Ed Reed; sc-l@securecoding.org
Subject: Re: [SC-L] Economics of Software Vulnerabilities

Gary McGraw wrote:
> I'm not sure vista is bombing because of good quality. That certainly would
> be ironic.
>
> Word on the "way down in the guts" street is that vista is too many things
> cobbled together into one big kinda functioning mess.

I.e. it is mis-featured, and lacks on some integration. This is a variation on not having desired features. And there certainly are big features in Vista that were supposed to be there but aren't (most of user-land being managed code, relational file system). It is also infamously late.

So if the resources that were put into the code quality in Vista had instead been put into features and ship-date, would it do better in the marketplace?

Sure, that's heretical :) but it just might be true :(

Crispin, now believes that users are fundamentally what holds back security

--
Crispin Cowan, Ph.D. http://crispincowan.com/~crispin/
Director of Software Engineering http://novell.com
AppArmor Training at CanSec West http://cansecwest.com/dojoapparmor.html

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________