Comments
Software Patches Eat Government IT's Lunch
cbabcock
User Rank: Apprentice
9/3/2013 | 7:30:47 PM
re: Software Patches Eat Government IT's Lunch
Software patches are often updates, not bugs in the sense of poor code needing corrections, to bring an application into line with updates elsewhere in itself or to keep it compatible with a wider set of software. We need to get to the point where software is built in such a standard fashion that updating it is a standard, and automated, process. This is where cloud vendors start to draw away in terms of efficiency from the one-of-everything enterprise data center.
moarsauce123
User Rank: Ninja
9/5/2013 | 5:04:24 PM
re: Software Patches Eat Government IT's Lunch
A bug is anything that negatively impacts user experience. That means it does not need to be a coding error. The code can be all well, but if using the application is so complicated that it will lead to many mistakes, the software is buggy and needs fixing.
A big problem these days is indeed the ridiculously short times to market as well as the 'agile' methods that reward not committing to anything, no planning, no documentation, and rapid releases of something. I think we all would be better served by spending a few months up front to design applications and make up our minds as to what we really want, then build that. Sure, flexibility is always needed as some aspects come up while doing the development work, but it just doesn't pan out when doing everything on the fly.
WKash
User Rank: Apprentice
9/5/2013 | 6:58:06 PM
re: Software Patches Eat Government IT's Lunch
Government gets a lot of criticism for its bureaucratic ways, but it does offer a template, courtesy of the National Institute of Standards and Technology, for how software code can be certified to meet certain operating standards. Enterprises would be better served if there were standards software developers could agree to that, as you say, using an automated process, would give software the equivalent of a clean bill of health. That won't address the need for updates, as you say, but it would give customers more confidence in what they're buying. And that hopefully would lead to marketplace choices that would reward the more responsible developers.
Lorna Garey
User Rank: Ninja
9/4/2013 | 2:40:33 PM
re: Software Patches Eat Government IT's Lunch
Excellent analysis. Patches have always been painful, and seem to be getting more so. The "goods vs. service" distinction is a factor those choosing between SaaS and COTS should consider.
MarciaNWC
User Rank: Apprentice
9/4/2013 | 9:07:41 PM
re: Software Patches Eat Government IT's Lunch
Would be interesting to see those reports Jack cites indicating that 25% of hospital operating room liability lawsuits are now tied to software coding problems.
blowenth
User Rank: Apprentice
9/7/2013 | 3:04:49 PM
re: Software Patches Eat Government IT's Lunch
I find it interesting when people complain that they are losing money as a result of applying software fixes.

The simple answer for organizations that are losing money applying software fixes is for the organizations to discontinue using the software. Then they would recover those "losses" -- right?

But, of course, they will nearly always "lose" even more money if they discontinue using the software. Adoption of nearly all business software products results in cost reduction of actions that can already be performed. There is often very quick adoption of new products that provide significant cost reductions because the people that purchase the products can get their money back in less than a year and then go on to get significant cost reductions year over year. However, people still gripe because they don't save even more because of product defects.

For example, Larry Ellison of Oracle said that Oracle saved a billion dollars a year when it adopted Internet technology products for HR and other internal processes. -- I believe it. Now Oracle could have saved even more than a billion dollars if there were no product defects. Let's suppose Oracle saved $1,000,000,000 but if there were no product defects they would have saved $1,010,000,000. Now Larry could say that Oracle lost $10,000,000 by adoption of Internet technology products --- and it would be true using the logic of the "Software Patches Eat Government IT's Lunch" story.

Software, unlike almost all other products, is peculiar because customers pay to get fixes to defects in delivered products. Why is this? Why do customers purchase such products and then have to pay to have design defects repaired? Let's consider two companies building the same type of software products.

Let's say Company A gets the product out in 2010 where it is purchased by the Bank of America. Let's say that Company A's product has many software defects costing BoA $10,000,000 during the next two years. Let's say Bank of America saves $500,000,000 per year because of the adoption.

Let's say Company B gets the product out in 2012 at the same price as Company A and because of the extra two years of testing, software defects cost $0 per year and the Bank of America starts saving $500,000,000 per year at that point. What's the better deal for the Bank of America?

Did Bank of America lose $10,000,000 by adopting Company A's product or did it lose $990,000,000 by waiting to adopt Company B's bug-free product?

Of course there are tradeoffs here. If the products have too many bugs then they become unfit for use. But competition typically sorts this out.

Anyway, the bottom line here is that when you hear about organizations losing money because of the cost of applying fixes for software defects, it's probably not the case that the organization lost money by adopting the use of that software. They just want to save even more -- and that is good. However, sometimes it's good to remind people to consider all the costs and benefits.
WKash
User Rank: Apprentice
9/17/2013 | 12:38:19 PM
re: Software Patches Eat Government IT's Lunch
This misses the point of what the Marine Corps and other large scale organizations are facing. First, the Marine Corps can't just abandon software A and switch to software B because software A is costing more to update/fix. Second, we're talking about high costs because of the large number of users and devices that exist. The Marine Corps works with the US Navy. Together they have more than 800,000 users on the network. Simple bug fixes and version updates may not be a big deal for an organization of 1000 workers. It's a much different and more expensive matter for large organizations.
WKash
User Rank: Apprentice
9/17/2013 | 12:50:08 PM
re: Software Patches Eat Government IT's Lunch
There's an interesting story and commentary on the importance of, and the balance between, software developers who crank out code and product managers who are responsible for the customer experience. See "Why your software development process is broken" at: http://www.informationweek.com...