On Thu, 31 Dec 1998, Mike Pelley wrote: > production machine. I explained that we had some things to work on, and > that we had a security review planned after we had ensured that the machine > was stable and functional. > When are vendors going to realize that security needs to be thought of at other points in the game then 'after-the-fact'? I'm not familiar with this particular product but I am, unfortunately, familiar with companies and product teams that follow this same backwards development routine. If you design with security in mind from the beginning you get a better product that is easier to maintain / verify. If you design the product and then think of security after the fact you are left with duct-tape and bubble-gum kludges as fixes. Is it me or is the industry taking a *really* long time to catch on to this? .mudge
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:26:55 PDT