Comment by Arainach

2 months ago

How do you propose to calculate "the downside saved by eliminating the bug" - ideally in general, but I'd be curious to see if you could do it even for the specific bug discussed in this article.

Organizations price future, nebulous things all the time.

Imagine a possible downside or two, imagine a probable risk, multiply, discount.

  • Sure, but give some specific values. What potential damages and potential risk multiply to more than $10k?

    • Prominent YouTuber doxxed and killed; terrible press extended for an extended period by litigation. 1 in 5000 but very high cost.

      Large scale data leak and need for data leak disclosure. 1 in 3, moderate cost.

      Bug report saving engineering time by giving clear report of issue instead of having to dig through telemetry and figure out misuse and then identify what is going on, extents of past damage, etc. 3 in 4.
