On Feb 23, 2010, at 10:06 AM, Jon McClintock wrote:
> This provides a pretty good examination of the costs of patching
> commercial software. Has anyone done a similar analysis for web
> applications? I'd expect the costs to be dramatically lower, given
> that you're typically producing a single patch for a handful of
> homogenous systems.

I don't think "webness" conveys any more homogeneity than, say "windowsness" or "linuxness." What part of being a web application provides homogeneity in a way that makes patching cheaper?

Paco
--
Paco Hope, CISSP - CSSLP
Technical Manager, Cigital, Inc.
http://www.cigital.com/
Software Confidence. Achieved.
_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________