Slashdot Mirror


Is Finding Security Holes a Good Idea?

ekr writes "A lot of effort goes into finding vulnerabilities in software, but there's no real evidence that it actually improves security. I've been trying to study this problem and the results (pdf) aren't very encouraging. It doesn't look like we're making much of a dent in the overall number of vulnerabilities in the software we use. The paper was presented at the Workshop on Economics and Information Security 2004 and the slides can be found here (pdf)."

1 of 433 comments

  1. Security guy? by ajs · Score: 4, Funny
    I'm confused about this guy. He claims to be a security consultant, but to quote his blog,
    "I replied to the mail and didn't check the recipients lines and my mailer helpfully sent a copy of my credit card # to everyone who had gotten the original message. Outstanding."

    Really. I didn't make that up, check the link! Who is this guy, and why is he giving me software security advice?!