

Software Security starts with Software Quality - tosbourn
http://software-security.sans.org/blog/2012/01/25/software-security-starts-with-software-quality

======
bediger
For large enough values of "software quality".

All kinds of things can be called "quality": speed to market, meets
specifications, bug-free, doesn't crash, does things fast, has a
good/intuitive/powerful user interface, the list is potentially endless.
What's more, the "software quality" people acknowledge this: they never ever
define "quality", except maybe by saying "it's personal".

Suppose my definition of quality is "first to market, and has a user interface
that anybody can understand". Does this particular (personal) definition of
quality mean that my software has started towards Software Security? No, we
have a historical example or two in Microsoft Windows 95 and 98, and maybe in
the first few versions of IIS and NT.

"Quality" is a meaningless buzzword with respect to software. Don't be a
professional meeting-attender, use better defined words when building an
argument.

