RE: Charging customers on security
From: Michael Wojcik (Michael.Wojcik_at_microfocus.com)
To: firstname.lastname@example.org
Date: Wed, 29 Sep 2004 10:46:58 -0700
> From: Wesley Shields [mailto:email@example.com]
> Sent: Tuesday, 28 September, 2004 16:29
> On Tue, Sep 28, 2004 at 04:12:54AM +0100, Glynn Clements wrote:
> > There's nothing ridiculous about the cost to the client reflecting the
> > development costs. Implementing security features takes time and
> > therefore costs money.
> Yes, and there is no excuse for not expending that effort.
Staying in business, so you can continue to develop, sell, and maintain the
software, is a perfectly good excuse.
> Keeping the cost to a customer low is a sound business decision,
It's the only reasonable decision if it makes the difference between success
and failure. Software firms that go out of business do not improve the
state of software security.
> but it quickly
> becomes outweighed by the number of bugs left open when not expending
> the effort to fix them because it will cost more money.
Historically this has not been true. The most profitable software companies
have not had to ensure their software is even close to bug-free. Why do you
believe the situation has changed?
> Personally, I'd rather pay more to know that the code was developed as
> best as it can possibly be developed than to pay less knowing
> there are some bugs.
Great. You just convince everyone else who buys software, and we'll all
start shipping only bug-free product.
(Why do so many people on this list believe that their opinion governs the
software marketplace? If it did, we wouldn't have these problems - the
market would have enforced software security long ago.)
-- Michael Wojcik Principal Software Systems Developer, Micro Focus