Thinking of Security Vulnerabilities As Defects

Don't just think of them as defects, treat them that way. Because they are! Doh!

ZDNet Zero-Day blogger Nate McFeters has asked the question, 'Should vulnerabilities be treated as defects?' McFeters claims that if vulnerabilities were treated as product defects, companies would have an effective way of forcing developers and business units to focus on security issue. McFeters suggests providing bonuses for good developers, and taking away from bonuses for those that can't keep up. It's an interesting approach that if used, might force companies to take a stronger stance on security related issues.

(link) [Slashdot]

09:22 /Technology | 0 comments | permanent link