I wonder if it's possible to estimate person-hrs that go into a paper; or estimate total $$$ invested in literature analysing the security of a piece of security-critical software.

The answer is obviously no, unless they cite specific grants

Want to say something about technical debt behind otherwise shiny-looking projects which have had little or no analysis/verification/correctness efforts applied within or outside the project

This should be a quality metric when choosing dependencies
