Appendix . Notes



This number is estimated based on the cost of cyber crime in 2007 ($117 billion, GAO) and the cost of insufficient software testing in 2002 ($60 billion, NIST). This NIST estimate has not been updated recently, but it inarguably has not decreased in any significant manner since then. The problem with all these numbers is an acknowledged difficulty with under-reporting by victims and the intermixture of different causes for said losses. As such, the estimate given here may not only be “soft,” but also significantly lower than actual costs would be if reporting levels among victims were higher. This estimate also tends to conflate numbers that may not be directly related to insecure software. That said, I still feel ...
