What if We Had Vuln-Free Software?

I was in a meeting with a large group of security professionals today talking about SDL, reducing vulnerabilities, metrics, and so on – my normal topics – and we got into a really interesting discussion about which areas of focus can get the best practical results for operational IT security.

How would it affect your IT department’s focus if you could have a product with perfect security quality, or in other words, no expectation of exposure due to a vulnerability?

Read my recent CSOonline entry, "The 80/20 of Managing Software Risk", for my thoughts.

About the Author
Jeff Jones

Principal Cybersecurity Strategist

Jeff Jones is a 27-year security industry professional who has spent the last decade at Microsoft working with enterprise CSOs and Microsoft's internal teams to drive practical and measurable security improvements into Microsoft products and services. Additionally, Jeff analyzes vulnerability trends