Message-ID: <200730.1341838061@turing-police.cc.vt.edu>
Date: Mon, 09 Jul 2012 08:47:41 -0400
From: valdis.kletnieks@...edu
To: "Stefan Kanthak" <stefan.kanthak@...go.de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: How much time is appropriate for fixing a bug?
On Sun, 08 Jul 2012 14:07:52 +0200, "Stefan Kanthak" said:
> The "industry" will (typically) not fix any error if the cost for fixing
> exceeds the loss (or revenue) that this fix creates, including the vendor's
> gain/loss of reputation, gain/loss of stock value, loss of money in court
> cases or due to compensations, loss of (future) sales due to (dis-)satisfied
> customers, ...
Court cases? *Really*? When was the last time you saw a court case about
defective COTS software? You see the occasional squabble regarding bespoke
one-off developments, but your average shrink-wrapped EULA does a pretty good
job of absolving the vendor from all blame, no matter how egregious the error.
Oftentimes, they even manage to waive responsibility for the common-law
concepts of "merchantability" or "fitness for intended use".
> Joe Average can't tell the difference between a program which is designed,
> developed, built and maintained according to the state of the art, and some
> piece of crap that is not.
That's OK. Those of us who do this for a living are *also* often hard-pressed
to find any notable difference between "state of the art" and "piece of crap",
as they're about as close as the two levels of a hyperfine transition of a cesium
atom.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/