Slashdot Mirror

← Back to Stories (view on slashdot.org)

Thinking of Security Vulnerabilities As Defects

Posted by timothy on from the doesn't-everyone-already-think-that dept.

SecureThroughObscure writes "ZDNet Zero-Day blogger Nate McFeters has asked the question, 'Should vulnerabilities be treated as defects?' McFeters claims that if vulnerabilities were treated as product defects, companies would have an effective way of forcing developers and business units to focus on security issue. McFeters suggests providing bonuses for good developers, and taking away from bonuses for those that can't keep up. It's an interesting approach that if used, might force companies to take a stronger stance on security related issues."

3 of 158 comments (clear)

  1. Thread over. by Anonymous Coward · · Score: 5, Funny

    Thread over on the first post. Well done.

  2. No by blargfellow · · Score: 3, Funny

    Of course they aren't defects, they should be treated as features!

  3. Re:wait...what? by jd · · Score: 3, Funny

    Microsoft don't seem to treat scurity vulnerabilities. Mind you, they don't seem to treat defects, either, so I guess they are still treated as the same.

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)