Re: Charging customers on security
From: Adam Shostack (adam_at_homeport.org)
Date: 09/27/04
- Previous message: Michael Wojcik: "RE: Charging customers on security"
- In reply to: wirepair: "Re: Charging customers on security"
- Next in thread: S. M.: "Re: Charging customers on security"
- Reply: S. M.: "Re: Charging customers on security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Sep 2004 12:20:55 -0400 To: wirepair <wirepair@roguemail.net>
You could point out that microsoft and oracle are advertising the
security and reliability of their applications, and it may be a
competitive advantage if you devote resources to it.
Adam
On Sun, Sep 26, 2004 at 02:40:29PM -0800, wirepair wrote:
| Charging for security of your own applications? That seems pretty backwards
| to me. Why should
| the client who buys your software with the expectation that it works and is
| secure have to
| pay for the fact that it isn't? So when my seat belts are broken, and my
| tires randomly explode,
| I have to pay the car manufacturer more money to get these features fixed?
|
| duh?
| -wire
|
| On Thu, 23 Sep 2004 10:16:40 -0700
| King Pang <kingpang@gmail.com> wrote:
| >Hello,
| >
| >Our company developers Microsoft Solutions and I am responsible for
| >leading the security initiative in the corporation. I have spent a
| >lot of time and effort on how we should apply security guidance to our
| >product life cycle, such as adding threat modeling and doing security
| >review. But after I have convinced them that security is important,
| >we brought up a discussion on how we should charge our customers.
| >
| >Many of you have customer experience. They want to pay the minimum
| >and have all the features. If they can choose not to pay, they won't.
| >If we tell them threat modeling will add x human-weeks of development
| >and we have to charge them x thousand dollars more, they won't pay.
| >Moreover, they expect the system to be secure enough and if there is
| >anything wrong, they would think that is our fault.
| >
| >If any of you have any experience on dealing security with customers
| >and how you would deal with this issue, please throw in two cents. Any
| >comments or related articles would help too.
| >
| >Warm Regards.
|
| --
| Visit Things From Another World for the best
| comics, movies, toys, collectibles and more.
| http://www.tfaw.com/?qt=wmf
- Previous message: Michael Wojcik: "RE: Charging customers on security"
- In reply to: wirepair: "Re: Charging customers on security"
- Next in thread: S. M.: "Re: Charging customers on security"
- Reply: S. M.: "Re: Charging customers on security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
