Jon,
I think you're getting out of the scope of the costing exercise. The
research and estimates around time to fix are based on the cost
associated with developing the patch, not with deploying it. One could
argue that the cost of fixing bugs - particularly major ones - is much
higher for web
From: sc-l-boun...@securecoding.org [mailto:sc-l-boun...@securecoding.org] On
Behalf Of Benjamin Tomhave
Sent: Thursday, February 25, 2010 6:43 AM
To: Jon McClintock
Cc: SC-L@securecoding.org
Subject: Re: [SC-L] web apps are homogenous?
Jon,
I think you're getting out of the scope of the costing
On Wed, Feb 24, 2010 at 10:46:56AM -0500, Paco Hope wrote:
I don't think webness conveys any more homogeneity than, say windowsness
or linuxness.
What part of being a web application provides homogeneity in a way that makes
patching cheaper?
In a word, control. Let's compare two different
On Feb 23, 2010, at 10:06 AM, Jon McClintock wrote:
This provides a pretty good examination of the costs of patching
commercial software. Has anyone done a similar analysis for web
applications? I'd expect the costs to be dramatically lower, given
that you're typically producing a single