[86487] in North American Network Operators' Group
Re: Networking Pearl Harbor in the Making
daemon@ATHENA.MIT.EDU (Todd Vierling)
Mon Nov 7 12:20:29 2005
Date: Mon, 7 Nov 2005 12:16:58 -0500 (EST)
From: Todd Vierling <tv@duh.org>
To: Christian Kuhtz <kuhtzch@corp.earthlink.net>
Cc: "Hannigan, Martin" <hannigan@verisign.com>,
Simon Waters <simonw@zynet.net>, nanog@nanog.org
In-Reply-To: <B94167F5-6AB8-4522-8CE9-00B8F77FC83F@corp.earthlink.net>
Errors-To: owner-nanog@merit.edu
On Mon, 7 Nov 2005, Christian Kuhtz wrote:
> > How so? Haven't we recently seen an across the board bug in
> > multiple version of $vendor code?
>
> And that's evidence of what other than nobody is willing to pay for what it
> takes to get better code out of $vendor?
>
> Code can be built better. It just isn't always economical to do so.
In some business models.
Financial reports regularly hint that $vendor has margins far exceeding the
costs necessity to clean up security-critical code. When the aggregate
margins drop thanks to folks choosing $vendor2 because $vendor has decided
to let security flaws stew, it's time for $vendor to reevaluate that
business model -- at least a little.
--
-- Todd Vierling <tv@duh.org> <tv@pobox.com> <todd@vierling.name>
