Dark Reading is part of the Informa Tech Division of Informa PLC


Comments
Software Patches Eat Government IT's Lunch
WKash,
User Rank: Apprentice
9/17/2013 | 12:50:08 PM
re: Software Patches Eat Government IT's Lunch
There's an interesting story and commentary on the importance of, and the balance between, software developers who crank out code and product managers who are responsible for the customer experience. See "Why your software development process is broken" at: http://www.informationweek.com...
WKash,
User Rank: Apprentice
9/17/2013 | 12:38:19 PM
re: Software Patches Eat Government IT's Lunch
This misses the point of what the Marine Corps and other large-scale organizations are facing. First, the Marine Corps can't just drop software A and switch to software B because software A is costing more to update/fix. Second, we're talking about high costs because of the large number of users and devices that exist. The Marine Corps works with the US Navy. Together they have more than 800,000 users on the network. Simple bug fixes and version updates may not be a big deal for an organization of 1000 workers. It's a much different and more expensive matter for large organizations.
blowenth,
User Rank: Apprentice
9/7/2013 | 3:04:49 PM
re: Software Patches Eat Government IT's Lunch
I find it interesting when people complain that they are losing money as a result of applying software fixes.

The simple answer for organizations that are losing money applying software fixes is for the organizations to discontinue using the software. Then they would recover those "losses" -- right?

But, of course, they will nearly always "lose" even more money if they discontinue using the software. Adoption of nearly all business software products results in cost reduction of actions that can already be performed. There is often very quick adoption of new products that provide significant cost reductions because the people that purchase the products can get their money back in less than a year and then go on to get significant cost reductions year over year. However, people still gripe because they don't save even more because of product defects.

For example, Larry Ellison of Oracle said that Oracle saved a billion dollars a year when it adopted Internet technology products for HR and other internal processes. -- I believe it. Now Oracle could have saved even more than a billion dollars if there were no product defects. Let's suppose Oracle saved $1,000,000,000 but if there were no product defects they would have saved $1,010,000,000. Now Larry could say that Oracle lost $10,000,000 by adoption of Internet technology products --- and it would be true using the logic of the "Software Patches Eat Government IT's Lunch" story.

Software, unlike almost all other products, is peculiar because customers pay to get fixes to defects in delivered products. Why is this? Why do customers purchase such products and then have to pay to have design defects repaired? Let's consider two companies building the same type of software products.

Let's say Company A gets the product out in 2010 where it is purchased by the Bank of America. Let's say that Company A's product has many software defects costing BoA $10,000,000 during the next two years. Let's say Bank of America saves $500,000,000 per year because of the adoption.

Let's say Company B gets the product out in 2012 at the same price as Company A and because of the extra two years of testing, software defects cost $0 per year and the Bank of America starts saving $500,000,000 per year at that point. What's the better deal for the Bank of America?

Did Bank of America lose $10,000,000 by adopting Company A's product or did it lose $990,000,000 by waiting to adopt Company B's bug free product?

Of course there are tradeoffs here. If the products have too many bugs then they become unfit for use. But competition typically sorts this out.

Anyway, the bottom line here is that when you hear about organizations losing money because of the cost of applying fixes for software defects, it's probably not the case that the organization lost money by adopting the use of that software. They just want to save even more -- and that is good. However, sometimes it's good to remind people to consider all the costs and benefits.
WKash,
User Rank: Apprentice
9/5/2013 | 6:58:06 PM
re: Software Patches Eat Government IT's Lunch
Government gets a lot of criticism for its bureaucratic ways, but it does offer a template, courtesy of the National Institute of Standards and Technology, for how software code can be certified to meet certain operating standards. Enterprises would be better served if there were standards software developers could agree to that, as you say, using an automated process, would give software the equivalent of a clean bill of health. That won't address the need for updates, as you say, but it would give customers more confidence in what they're buying. And that hopefully would lead to marketplace choices that would reward the more responsible developers.
moarsauce123,
User Rank: Ninja
9/5/2013 | 5:04:24 PM
re: Software Patches Eat Government IT's Lunch
A bug is anything that negatively impacts user experience. That means it does not need to be a coding error. The code can be all well, but if using the application is so complicated that it will lead to many mistakes, the software is buggy and needs fixing.
A big problem these days is indeed the ridiculously short times to market as well as the 'agile' methods that reward not committing to anything, no planning, no documentation, and rapid releases of something. I think we all would be better served by spending a few months up front to design applications and make up our minds as to what we really want, then build that. Sure, flexibility is always needed as some aspects come up while doing the development work, but it just doesn't pan out when doing everything on the fly.
MarciaNWC,
User Rank: Apprentice
9/4/2013 | 9:07:41 PM
re: Software Patches Eat Government IT's Lunch
Would be interesting to see those reports Jack cites indicating that 25% of hospital operating room liability lawsuits are now tied to software coding problems.
Lorna Garey,
User Rank: Ninja
9/4/2013 | 2:40:33 PM
re: Software Patches Eat Government IT's Lunch
Excellent analysis. Patches have always been painful, and seem to be getting more so. The "goods vs. service" distinction is a factor those choosing between SaaS and COTS should consider.
cbabcock,
User Rank: Apprentice
9/3/2013 | 7:30:47 PM
re: Software Patches Eat Government IT's Lunch
Software patches are often updates, not bugs in the sense of poor code needing corrections, to bring an application into line with updates elsewhere in itself or to keep it compatible with a wider set of software. We need to get to the point where software is built in such a standard fashion that updating it is a standard, and automated, process. This is where cloud vendors start to draw away in terms of efficiency from the one-of-everything enterprise data center.

