• dejected_warp_core@lemmy.world
    link
    fedilink
    arrow-up
    2
    ·
    7 months ago

    A times B times C equals X. If X is more than the cost of a failure or security breach, we don’t fix the software.

    Are there a lot of these kinds of problems?

    You wouldn’t believe.

    Which Fortune 500 company do you work for?

    A major one.

    • henfredemars@infosec.pub
      link
      fedilink
      English
      arrow-up
      2
      ·
      7 months ago

      I now work for a small business but in the interest of not getting bitten in the ass I don’t wish to give the name of my previous employer. It was a large defense contractor, but our values didn’t align so I moved on when I found another opportunity to put food on the table. I know that’s not a satisfying answer but I’m here for entertainment value and the opportunity cost might not be worth it. My main point was that even though they have the money they didn’t see the value in good software process.

      All the time! We would leave bugs unfixed even if the fix was trivially easy because management felt productive listing it as a cost savings. Software maintenance was seen as a necessary evil.

      • dejected_warp_core@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        7 months ago

        Software maintenance was seen as a necessary evil.

        The most important lesson I learned about the economics of software is that sourcecode is always accounted as a liability and not an asset. Accountants will never let you code your way into more value. Everything else you see stems from that truth.