[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri May 5 03:17:43 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: How many vendors knowingly ship GA product with
security vulnerabilities?
On Thu, 04 May 2006 18:15:18 PDT, Bill Stout said:
> That's an excellent and well thought out reply. Sounds like you have
> some experience in delivering software.
Not commercial software. However, commercial software ship dates are
infinitely flexible compared to "30,000 students are showing up Tuesday
and the class registration and housing checking systems *have* to be ready" ;)
> It would seem that if a few days buffer were built into the system,
> specifically to check in security fixes prior to QA; that would be a
> huge 'CYA' benefit to prevent those 'CLM' moves and to protect the
> consumers of the software.
Trust me - the original plan usually *starts* with *more* than "a few days
buffer".
Recommended reading: "The Mythical Man Month" by Fred Brooks - what he learned
as the project manager for IBM's OS/360 operating system development, which
still ranks as one of the biggest software development projects in history.
One of the famous quotes from it: "Adding programmers to late software projects
makes them later"....
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060504/4fcf1c81/attachment.bin
Powered by blists - more mailing lists