Researchers: Flaw auctions would improve security
Robert Lemos, SecurityFocus 2005-12-15

The auction may have set a record price for a highlighter pen and an 8-by-11-inch sheet of paper.

Researchers: Flaw auctions would improve security 2005-12-16
Sean (2 replies)
Re: Researchers: Flaw auctions would improve security 2005-12-18
Ano (1 replies)
Re: Re: Researchers: Flaw auctions would improve security 2005-12-21
Sean
Do you not read well or understand well? I thought I made it pretty clear. "Flip side of that is that companies that can dish out the money might skimp on the security and code testing in the beginning but that just means more money to the independent testers." I did not say better or cheaper. In reality it could be very expensive to not engineer good code up front. Look at IE. Independent testers could get a steady paycheck out of that one piece of MS software. The idea that by putting money up in advance to encourage people to find the flaw is almost as good as making it open source. The more people looking the more likely a hole will be found until the software is decently hardened or the company can't take it anymore and pulls the plug on their flop. Anything is better than eBay or shady deals.


Link to this comment: http://www.securityfocus.com/comments/articles/11364/32900#32900







 

Copyright 2009, SecurityFocus