Jeff Jones Security Blog : What if We Had Vuln-Free Software?

Saturday, September 29, 2007 12:00 AM jrjones

What if We Had Vuln-Free Software?

I was in a meeting with a large group of security professional today talking about SDL, reducing vulnerabilities, metrics, and so on - my normal topics - and we got into a really interesting discussion about which areas of focus can get the best practical results for operational IT security.

How would it affect your IT department's focus if you could have a product with perfect security quality, or in other words, no expectation of exposure due to a vulnerability?

Read my recent CSOonline entry The 80/20 of Managing Software Risk for my thoughts.

Filed under: Security, Studies, Microsoft, Commentary

Comment Notification

If you would like to receive an email when updates are made to this post, please register here

Subscribe to this post's comments using RSS

Comments

# News Items that Interested me this Week

Friday, October 19, 2007 3:12 PM by Michael Howard's Web Log

Each week (ok, mostly every week!) I'll post news items that interested me... Security analysis of Checkpoint

Name (required)
Your URL (optional)
Comments (required)

Enter Code Here: Required
Remember Me?

About jrjones

Jeff has been a security guy for 20 years. Some of the more interesting jobs he's done: security consultant doing risk assessments for the Air Force; security consultant for the NSA Orange Book program; kernel and TCP/IP developer for Trusted Xenix; Darpa researcher; VPN developer for Gauntlet firewall; security consultant in EMEA; Director of Product Management for McAfee corporate AV; VP of Product Management for PGP, Cybercop Scanner and Gauntlet firewall; and a director in the Microsoft security group.

Jeff Jones Security Blog

Search

Tags

News

Archives

Security Blogs I Read

Windows vs Linux Security Analysis

What if We Had Vuln-Free Software?

Comment Notification

Comments

# News Items that Interested me this Week

Leave a Comment

About jrjones