Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security SecProg
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Charging customers on security

from [Yvan Boily] Network Security [Permanent Link]
Subject: RE: Charging customers on security
Date: Wed, 29 Sep 2004 16:21:08 -0500 
You retain your integrity, and you push your business as a provider of
secure technologies.  You promote security every way that you can using
legitimate methods (i.e. not using FUD).

You cite references which show that secure code is stable code, and use that
as a foundation for the reliability of your software.  If you need to you
buy the PHB a ticket to security conferences; get your secure application
installed and get references for the quality.

When you are marketing a superior product you must target the correct
audience.  Back to the automobile analogy; look at the difference between a
commercial promoting an Acura NSX, and a commercial promoting a Honda Civic
Coupe; do you really think they are targeting the same market?  The
marketing department targets the higher end consumer by producing material
that focuses on the prestige and image of the Acura while the Civic focuses
on the low cost and accessibility of the product.  This is how you should
sell the enhanced features of your product.

Yvan Boily 


-----Original Message-----
From: Jesper Anderson [mailto:jesper@pobox.com] 
Sent: Wednesday, September 29, 2004 12:40 PM
To: secprog@securityfocus.com
Cc: Wesley Shields
Subject: Re: Charging customers on security

On Tue, Sep 28, 2004 at 04:29:19PM -0400, Wesley Shields wrote:


Yes, and there is no excuse for not expending that effort.  Keeping 
the cost to a customer low is a sound business decision, but it 
quickly becomes outweighed by the number of bugs left open when not 
expending the effort to fix them because it will cost more money.


So what do you do when you are consistently outbid by 
developers who make the code work, and don't care about 
security - and the PHB's buy their services instead of yours?

There are plenty of excuses to not extend that effort. That 
is what spawned this whole discussion - how do you persuade 
the PHB that you actually are worth more money because your 
code will be secure?


Personally, I'd rather pay more to know that the code was 

developed as 

best as it can possibly be developed than to pay less knowing there 
are some bugs.


What you'd rather do doesn't help when the person buying doesn't.

Jesper
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Next by Date:  Re: Charging customers on security, Brandon Niemczyk
Next by Thread:  Re: Charging customers on security, Brandon Niemczyk
Indexes:  [Date] [Thread] [Top] [All Lists]