Tuesday, 30 October 2012

Opposite of 'Security as TAX'

In the multiple articles tagged with Security as TAX I tried to show examples where security and 'secure coding' doesn't add (direct) value to an application/developer and is something the devs/companies have to pay in order to publish/release an application.

They are usually cases where the app was working ok in the 'insecure' state and the fixes had some nasty side effects (or where hard to implement).

But as I am planning to write a couple example of where security DOES add value (think: Amazing presentation on integrating security into the SDL), I was wondering what is the opposite of 'Security as TAX':

Humm... none of them works very well...

Let me know if you have any good ideas