On Mon, Feb 22, 2010 at 10:45:02AM -0500, Jeremy Epstein wrote:
> Take a look at Mary Ann Davidson's keynote at ACSAC in Dec 2009.
> http://www.acsac.org/2009/program/keynotes/davidson.pdf
This provides a pretty good examination of the costs of patching
commercial software. Has anyone done a simi
Ah, excellent - very helpful!
It appears that Laurie Williams at NCSU has inherited John Musa's
Software Reliability Engineering legacy, and is still active in the
field, and has a number of relevant security articles/papers listed
under Publications.
http://collaboration.csc.ncsu.edu/laurie/
On
Benjamin Tomhave wrote:
> ... we're looking for hard research or
> numbers that covers the cost to catch bugs in code pre-launch and
> post-launch. The notion being that the organization saves itself money
> if it does a reasonable amount of QA (and security testing)
> up front vs trying to chase t
Take a look at Mary Ann Davidson's keynote at ACSAC in Dec 2009.
http://www.acsac.org/2009/program/keynotes/davidson.pdf
On Mon, Feb 22, 2010 at 9:17 AM, Benjamin Tomhave
wrote:
> Howdy,
>
> This request is a bit time critical as it's supporting a colleague's
> upsell up the food chain tomorrow..
Howdy,
This request is a bit time critical as it's supporting a colleague's
upsell up the food chain tomorrow... we're looking for hard research or
numbers that covers the cost to catch bugs in code pre-launch and
post-launch. The notion being that the organization saves itself money
if it does a
