Summary
Chris Wysopal likens application security debt to technical debt in a couple of recent blog posts. It turns out that the debt metaphor is particularly apt as, like financial debt, application security debt is susceptible to interest rate fluctuations.
The threat landscape changes over the application's lifetime. Unfortunately, security interest rates are much more likely to go up than down as new vulnerabilities are disclosed and the application gains mind share. The former makes it easier for attackers to compromise the application; the latter provides them with a greater incentive. An effect that Chris missed is the tendency for an application to increase its attack surface as it is extended with new functionality.
Leverage through financial debt can help a company grow and, similarly, so can technical debt. However, as interest rates become punitive, clearly the time to de-leverage has come. Chris presents a model to quantify the dollar cost of the debt, but, frankly, the calculations are tenuous, as he admits himself. I would feel happier with qualitative guidelines. What do you think the tell-tale signs are for the need to de-leverage?
Johan Peeters is an independent software architect who spends a lot of time plumbing and generally fixing leaks.