Open Source and information security mailing list archives
Date: Fri May 5 03:17:43 2006
From: Valdis.Kletnieks at vt.edu (Valdis.Kletnieks@...edu)
Subject: How many vendors knowingly ship GA product with security vulnerabilities?

On Thu, 04 May 2006 18:15:18 PDT, Bill Stout said:

> That's an excellent and well thought out reply. Sounds like you have
> some experience in delivering software.

Not commercial software. However, commercial software ship dates are infinitely flexible compared to "30,000 students are showing up Tuesday and the class registration and housing checking systems *have* to be ready" ;)

> It would seem that if a few days buffer were built into the system,
> specifically to check in security fixes prior to QA; that would be a
> huge 'CYA' benefit to prevent those 'CLM' moves and to protect the
> consumers of the software.

Trust me - the original plan usually *starts* with *more* than "a few days buffer".

Recommended reading: "The Mythical Man Month" by Fred Brooks - what he learned as the project manager for IBM's OS/360 operating system development, which still ranks as one of the biggest software development projects in history. One of the famous quotes from it: "Adding programmers to late software projects makes them later"....