Submitted via IRC for TheMightyBuzzard
The financial benefits of finding and fixing defects throughout the software development life cycle (SDLC), starting at the very beginning, ought to make doing it a no-brainer. It is both easier and cheaper. One should build secure software from the ground up.
[...] The findings of a 2016 Forrester Research study call to mind an ancient proverb: A stitch in time saves nine. Or, in the case of software development, fixing defects early in the SDLC could reduce remediation costs by a factor of anywhere from 5 to 15.
The study set a baseline example of 5 hours of work to fix a defect in the coding/development stage. Finding and fixing that same defect in the final testing phase would take 5–7 times longer. And waiting until after the product was on the market to discover and fix the same defect would take even longer and cost 10–15 times more.
That doesn't include the potential cost of damages from a bad guy discovering the defect first and exploiting it to attack users.
And to the frequently stated worry that ongoing security testing creates intolerable delays in time to market, Forrester found the opposite: that it cuts time to market by 25%.
Hat tip to the old slashcode crew who left us some very good tools for doing exactly this.
Source: https://www.helpnetsecurity.com/2018/05/08/build-secure-software/
(Score: 3, Insightful) by Gaaark on Tuesday May 08 2018, @08:08PM (1 child)
I'd say tell it to MS, but I don't think they realise what a defect or security is.
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Insightful) by turgid on Wednesday May 09 2018, @08:57AM
How can they sell you the new, improved version if there's nothing significantly wrong with the old one?
I refuse to engage in a battle of wits with an unarmed opponent [wikipedia.org].