Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread Leichter, Jerry
| FYI, there's a provocative article over on Dark Reading today.
| http://www.darkreading.com/document.asp?doc_id=140184
|
| The article quotes David Rice, who has a book out called
| Geekconomics: The Real Cost of Insecure Software. In it, he tried
| to quantify how much insecure software costs

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread Andy Steingruebl
On Nov 29, 2007 2:47 PM, Kenneth Van Wyk [EMAIL PROTECTED] wrote: The article quotes David Rice, who has a book out called Geekconomics: The Real Cost of Insecure Software. In it, he tried to quantify how much insecure software costs the public and, more controversially, proposes a

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and

2007-11-29 Thread robert
I think many companies are working on making their code more secure; however, without some sort of penalty to the business, the others aren't going to invest in security. This in particular is why I like what PCI has done (as an example) enforcing 'some' bare requirements/penalties for not doing

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread der Mouse
Just as a traditional manufacturer would pay less tax by becoming greener, the software manufacturer would pay less tax for producing cleaner code, [...] One could, I suppose, give rebates based on actual field experience: Look at the number of security problems reported

Re: [SC-L] Insecure Software Costs US $180B per Year - Application and Perimeter Security News Analysis - Dark Reading

2007-11-29 Thread Andy Steingruebl
On Nov 29, 2007 6:07 PM, Blue Boar [EMAIL PROTECTED] wrote: Andy Steingruebl wrote: I like contractual approaches to this problem myself. People buying large quantities of software (large enterprises, governments) should get contracts with vendors that specify money-back for each patch