Re: Charging customers on security

From: ovi (marioara.alexandru_at_tin.it)
Date: 09/27/04

  • Next message: Yoav Nir: "RE: Charging customers on security" 
    To: secprog@securityfocus.com
Date: Mon, 27 Sep 2004 13:57:11 +0000

    It's ridiculous. What are you saying ?? If I as a client, don't pay you for
    having a stable and secure program you sell me a buggy one???? Not even M$ is
    thinking this way anymore, although they continue to sell buggy OS.

    On Sunday 26 September 2004 22:40, wirepair wrote:
    > Charging for security of your own applications? That seems pretty backwards
    > to me. Why should the client who buys your software with the expectation
    > that it works and is secure have to pay for the fact that it isn't? So when
    > my seat belts are broken, and my tires randomly explode, I have to pay the
    > car manufacturer more money to get these features fixed?
    >
    > duh?
    > -wire
    >
    > On Thu, 23 Sep 2004 10:16:40 -0700
    >
    > King Pang <kingpang@gmail.com> wrote:
    > > Hello,
    > >
    > > Our company developers Microsoft Solutions and I am responsible for
    > > leading the security initiative in the corporation. I have spent a
    > > lot of time and effort on how we should apply security guidance to our
    > > product life cycle, such as adding threat modeling and doing security
    > > review. But after I have convinced them that security is important,
    > > we brought up a discussion on how we should charge our customers.
    > >
    > > Many of you have customer experience. They want to pay the minimum
    > > and have all the features. If they can choose not to pay, they won't.
    > > If we tell them threat modeling will add x human-weeks of development
    > > and we have to charge them x thousand dollars more, they won't pay.
    > > Moreover, they expect the system to be secure enough and if there is
    > > anything wrong, they would think that is our fault.
    > >
    > > If any of you have any experience on dealing security with customers
    > > and how you would deal with this issue, please throw in two cents. Any
    > > comments or related articles would help too.
    > >
    > > Warm Regards.
    >
    > --
    > Visit Things From Another World for the best
    > comics, movies, toys, collectibles and more.
    > http://www.tfaw.com/?qt=wmf

  • Next message: Yoav Nir: "RE: Charging customers on security"

    Relevant Pages

    • Re: Charging customers on security
      ... the code will be secure. ... Aspect Security, Inc. ... > I have to pay the car manufacturer more money to get these features fixed? ... >> we brought up a discussion on how we should charge our customers. ...
      (SecProg)
    • Re: More on jobs & immigrants
      ... >> don't get paid, and we all NEED the pay because if we don't get that pay, ... >> the doctor no one challenges the doctor to give a ... > imagine that, perhaps, most people are actually "sheeple". ... > security they sacrifice their freedoms for is but an illusion. ...
      (sci.research.careers)
    • RE: Charging customers on security
      ... In todays world of application integration - your system is only as secure ... module or communication point opens up the entire solution for as many holes ... of every potential security hole in every system that would ever interact). ... If it boils down to it - and the client is not willing to pay for the added ...
      (SecProg)
    • RE: Charging customers on security
      ... Customers get what they're willing to pay for. ... additional cost of producing a secure and working product, ... >> Charging for security of your own applications? ...
      (SecProg)
    • Re: This may be goodbye..
      ... I was in the same situation in 1998.My child support payments were,$150.00 ... security DECISION.it TOOK OVER 21/2 YEARS.I OWED over $19,000.00.Sorry hit ... It was not $150 a week as ordered in the divorce agreement.The judge changed ... Social Security will not pay yours if any ...
      (alt.support.chronic-pain)