Benjamin Tomhave wrote:
... we're looking for hard research or
numbers that covers the cost to catch bugs in code pre-launch and
post-launch. The notion being that the organization saves itself money
if it does a reasonable amount of QA (and security testing)
up front vs trying to chase
Ah, excellent - very helpful!
It appears that Laurie Williams at NCSU has inherited John Musa's
Software Reliability Engineering legacy, and is still active in the
field, and has a number of relevant security articles/papers listed
under Publications.
http://collaboration.csc.ncsu.edu/laurie/
On
On Mon, Feb 22, 2010 at 10:45:02AM -0500, Jeremy Epstein wrote:
Take a look at Mary Ann Davidson's keynote at ACSAC in Dec 2009.
http://www.acsac.org/2009/program/keynotes/davidson.pdf
This provides a pretty good examination of the costs of patching
commercial software. Has anyone done a
