|
|
Secure Programming
Charging customers on security Sep 23 2004 05:16PM King Pang (kingpang gmail com) (6 replies) RE: Charging customers on security Sep 27 2004 01:47PM Chris Matthews (cmatthews xn com) (1 replies) Re: Charging customers on security Sep 27 2004 04:36PM King Pang (kingpang gmail com) (3 replies) Re: Charging customers on security Sep 28 2004 09:51AM Andreas Krügersen (phoenix wyverex-cave net) RE: Charging customers on security Sep 28 2004 09:00AM Koen Vingerhoets (koen vingerhoets ubench be) Re: Charging customers on security Sep 26 2004 10:40PM wirepair (wirepair roguemail net) (7 replies) Re: Charging customers on security Sep 27 2004 04:20PM Adam Shostack (adam homeport org) (1 replies) Re: Charging customers on security Sep 27 2004 03:18PM Jeff Williams (jeff williams aspectsecurity com) Re: Charging customers on security Sep 27 2004 01:57PM ovi (marioara alexandru tin it) (2 replies) Re: Charging customers on security Sep 28 2004 03:12AM Glynn Clements (glynn clements virgin net) (2 replies) Re: Charging customers on security Sep 28 2004 08:29PM Wesley Shields (wxs csh rit edu) (1 replies) Re: Charging customers on security Sep 29 2004 05:39PM Jesper Anderson (jesper pobox com) (1 replies) RE: Charging customers on security Sep 27 2004 04:24PM Koen Vingerhoets (koen vingerhoets ubench be) |
|
Privacy Statement |
secure technologies. You promote security every way that you can using
legitimate methods (i.e. not using FUD).
You cite references which show that secure code is stable code, and use that
as a foundation for the reliability of your software. If you need to you
buy the PHB a ticket to security conferences; get your secure application
installed and get references for the quality.
When you are marketing a superior product you must target the correct
audience. Back to the automobile analogy; look at the difference between a
commercial promoting an Acura NSX, and a commercial promoting a Honda Civic
Coupe; do you really think they are targeting the same market? The
marketing department targets the higher end consumer by producing material
that focuses on the prestige and image of the Acura while the Civic focuses
on the low cost and accessibility of the product. This is how you should
sell the enhanced features of your product.
Yvan Boily
> -----Original Message-----
> From: Jesper Anderson [mailto:jesper (at) pobox (dot) com [email concealed]]
> Sent: Wednesday, September 29, 2004 12:40 PM
> To: secprog (at) securityfocus (dot) com [email concealed]
> Cc: Wesley Shields
> Subject: Re: Charging customers on security
>
> On Tue, Sep 28, 2004 at 04:29:19PM -0400, Wesley Shields wrote:
> >
> > Yes, and there is no excuse for not expending that effort. Keeping
> > the cost to a customer low is a sound business decision, but it
> > quickly becomes outweighed by the number of bugs left open when not
> > expending the effort to fix them because it will cost more money.
>
> So what do you do when you are consistently outbid by
> developers who make the code work, and don't care about
> security - and the PHB's buy their services instead of yours?
>
> There are plenty of excuses to not extend that effort. That
> is what spawned this whole discussion - how do you persuade
> the PHB that you actually are worth more money because your
> code will be secure?
>
> > Personally, I'd rather pay more to know that the code was
> developed as
> > best as it can possibly be developed than to pay less knowing there
> > are some bugs.
>
> What you'd rather do doesn't help when the person buying doesn't.
>
> Jesper
>
>
[ reply ]