: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On
Behalf Of Benjamin Tomhave
Sent: Thursday, February 25, 2010 6:43 AM
To: Jon McClintock
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] web apps are homogenous?
Jon,
I think you're getting out of the scope of the costing exercise. The
research and estimates around "time to fix" are based on the cost
associated with developing the patch, not with deploying it. One could
argue that the cost of fixing bugs - particularly major ones - is much
higher for web a
On Wed, Feb 24, 2010 at 10:46:56AM -0500, Paco Hope wrote:
> I don't think "webness" conveys any more homogeneity than, say "windowsness"
> or "linuxness."
>
> What part of being a web application provides homogeneity in a way that makes
> patching cheaper?
In a word, control. Let's compare two
On Feb 23, 2010, at 10:06 AM, Jon McClintock wrote:
> This provides a pretty good examination of the costs of patching
> commercial software. Has anyone done a similar analysis for web
> applications? I'd expect the costs to be dramatically lower, given
> that you're typically producing a singl