Security Evangelist or Zealot – Where to Draw the Line


The Bean Counters


Many years ago, a car was manufactured with a design flaw that caused the gas tank to catch fire when the car was struck from behind. Many deaths stemmed from this mechanical flaw. It was later revealed, during subsequent wrongful death court cases, that the vehicle’s manufacturer was aware of the problem, had performed a risk/benefit analysis, and had determined that the cost to fix the problem would exceed any penalty levied by the courts.


As a software security professional, you may ask: what type of software could pose a risk to life? Imagine, however, a faulty calculation in a medical device’s software, which could cause death if the calculation were significantly incorrect. Or aviation software, where a failure can result in numerous deaths. Likewise, agricultural software controlling the amount of pesticide sprayed onto a food crop could result in illness or death if improperly programmed.


The question you must ask yourself is, how would you respond if you found yourself in a similar situation?


Not All Flaws Are Fatal


All software has problems, and fortunately, not all of those problems result in death. However, to a lesser extent, even small software flaws can result in losses to a company in time, money, and reputation. Part of your job as a software security lifecycle professional is to protect against negative events. How assertive should you be when a flaw is uncovered? Or mor ..
