On Mon, 7 Nov 2005, Christian Kuhtz wrote: > > How so? Haven't we recently seen an across the board bug in > > multiple version of $vendor code? > > And that's evidence of what other than nobody is willing to pay for what it > takes to get better code out of $vendor? > > Code can be built better. It just isn't always economical to do so.
In some business models. Financial reports regularly hint that $vendor has margins far exceeding the costs necessity to clean up security-critical code. When the aggregate margins drop thanks to folks choosing $vendor2 because $vendor has decided to let security flaws stew, it's time for $vendor to reevaluate that business model -- at least a little. -- -- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
