Re: ROI for secure software engineering

From: Pete Lindstrom (petelindat_private)
Date: Fri Feb 07 2003 - 22:18:13 PST

  • Next message: John Viega: "safestr alpha (Safe C String Library)"

    In-Reply-To: <200302041951.10523.frolovat_private>
    
    This might help: http://www.nist.gov/public_affairs/releases/n02-10.htm
    
    It is a study about costs of poor software engineering.
    
    Good luck.
    
    Pete
    
    >From: Artem Frolov <frolovat_private>
    >Organization: ISPRAS
    >To: secprogat_private
    >Subject: ROI for secure software engineering
    >Date: Tue, 4 Feb 2003 19:51:10 +0300
    >Message-Id: <200302041951.10523.frolovat_private>
    >
    >Hello
    >
    >I am looking for methods to calculate return on investment in secure software
    >engineering practices. Since it is impossible to create absolutely secure
    >software (let alone define what is absolutely secure), it would be good to
    >know how much to spend for developer education, code reviews and so on, to
    >reach some kind of break-even point.
    >
    >I found many sites on the net which cover ROI to the application security, but
    >none dedicated to the finance of the secure software engineering. If you know
    >some links, please, share your knowledge.
    >
    >Thanks
    >
    >-- 
    > Artem Frolov <frolovat_private>
    
    This archive was generated by hypermail 2b30 : Mon Feb 10 2003 - 15:27:37 PST