|
|
Secure Programming
Charging customers on security Sep 23 2004 05:16PM King Pang (kingpang gmail com) (6 replies) RE: Charging customers on security Sep 27 2004 01:47PM Chris Matthews (cmatthews xn com) (1 replies) Re: Charging customers on security Sep 27 2004 04:36PM King Pang (kingpang gmail com) (3 replies) Re: Charging customers on security Sep 28 2004 09:51AM Andreas Krügersen (phoenix wyverex-cave net) RE: Charging customers on security Sep 28 2004 09:00AM Koen Vingerhoets (koen vingerhoets ubench be) Re: Charging customers on security Sep 26 2004 10:40PM wirepair (wirepair roguemail net) (7 replies) Re: Charging customers on security Sep 27 2004 04:20PM Adam Shostack (adam homeport org) (1 replies) Re: Charging customers on security Sep 27 2004 03:18PM Jeff Williams (jeff williams aspectsecurity com) Re: Charging customers on security Sep 27 2004 01:57PM ovi (marioara alexandru tin it) (2 replies) Re: Charging customers on security Sep 28 2004 03:12AM Glynn Clements (glynn clements virgin net) (2 replies) Re: Charging customers on security Sep 28 2004 08:29PM Wesley Shields (wxs csh rit edu) (1 replies) Re: Charging customers on security Sep 29 2004 05:39PM Jesper Anderson (jesper pobox com) (1 replies) RE: Charging customers on security Sep 27 2004 04:24PM Koen Vingerhoets (koen vingerhoets ubench be) |
|
Privacy Statement |
which can be deployed in an insecure manner.
Many people pay to have their car maintained so that it's safe to
drive, including checking the tire pressure to make sure they don't
randomly blow out.
--
Michael Conlen
On Sep 26, 2004, at 6:40 PM, wirepair wrote:
> Charging for security of your own applications? That seems pretty
> backwards to me. Why should
> the client who buys your software with the expectation that it works
> and is secure have to
> pay for the fact that it isn't? So when my seat belts are broken, and
> my tires randomly explode,
> I have to pay the car manufacturer more money to get these features
> fixed?
>
> duh?
> -wire
>
> On Thu, 23 Sep 2004 10:16:40 -0700
> King Pang <kingpang (at) gmail (dot) com [email concealed]> wrote:
>> Hello,
>> Our company developers Microsoft Solutions and I am responsible for
>> leading the security initiative in the corporation. I have spent a
>> lot of time and effort on how we should apply security guidance to our
>> product life cycle, such as adding threat modeling and doing security
>> review. But after I have convinced them that security is important,
>> we brought up a discussion on how we should charge our customers.
>> Many of you have customer experience. They want to pay the minimum
>> and have all the features. If they can choose not to pay, they won't.
>> If we tell them threat modeling will add x human-weeks of development
>> and we have to charge them x thousand dollars more, they won't pay.
>> Moreover, they expect the system to be secure enough and if there is
>> anything wrong, they would think that is our fault.
>> If any of you have any experience on dealing security with customers
>> and how you would deal with this issue, please throw in two cents. Any
>> comments or related articles would help too.
>> Warm Regards.
>
> --
> Visit Things From Another World for the best
> comics, movies, toys, collectibles and more.
> http://www.tfaw.com/?qt=wmf
>
--
Michael Conlen
meconlen (at) obfuscated (dot) net [email concealed]
[ reply ]