DinisCruz / Book_Software_Quality

Content for 'Measuring Software Quality using Application Security' book published at LeanPub
Apache License 2.0

Query on Measuring companies AppSec #179 #180

Open Ambg05 opened 7 years ago

Ambg05 commented 7 years ago

[Book_Software_Quality/content/21.From-Audio/to-fix-transcription/AppSec/Measuring companies application security.md]

I've 2 questions on this one:

  1. Line 9: "We should be able to get a good metric and a good understanding of some of these companies, by comparing the really old technology stack with how much are they really flying heavy can to their seed, how much are they really basking the whole thing because you know that what is going to happen." I don't understand what this means; can you explain, please?
  2. Line 13: "So, in a way the times where in the past you could grow a company and then actually have the nice problem of the company blowing up and the traffic blowing up and the whole thing going south because you were successful you can't really do that anymore." Does 'blowing up' mean expanding rapidly or getting out of control? If it means growing rapidly am I correct to say " . . .in the past you could grow a company and then actually have the nice problem of the company and the traffic growing so quickly that the company went south, a victim of its own success. That doesn't happen any more."

Thanks. Now I will try to label this correctly!

DinisCruz commented 7 years ago

For the first question see the changes I made to https://github.com/DinisCruz/Book_Software_Quality/commit/8727cec97dd30e509c44179b34d172949d06dc30

For the 2nd, the idea is that in the past companies could afford to let the site 'blow up' and then fix it (i.e. deal with the mess). But at the moment you can't really do that any more, due to the side effects of those crashes and instability (namely the security consequences). Today, as a company gets more successful, the more attackers will focus on it, and if there are serious security vulnerabilities, they will be exploited faster than that company can address them (with the side effects affecting real users and real money).

Add for example what is happening with cars and the IoT (Internet of Things).