On Mar 5, 2007, at 9:30 PM, Gary McGraw wrote:
I think some vendors have come around to the economics argument. In
every case, those vendors with extreme reputation exposure have
attempted to move past penetrate and patch. Microsoft, for one, is
trying hard, but (to use my broken leg

For a long time I thought that software product liability would
eventually be forced onto developers in response to their long-term
failure to take responsibility for their shoddy code. I was mistaken.
The pool of producers (i.e., the software industry) is probably too
small for such blunt

Kenneth Van Wyk wrote:
So, I applaud the public disclosure model from the standpoint of
consumer advocacy. But, I'm convinced that we need to find a process
that better balances the needs of the consumer against the secure
software engineering needs. Some patches can't reasonably be produced