I am not hugely impressed with Aberdeen, the source of this "report" - I may be missing something, but I see Aberdeen as one of the marketing whores that Microsoft has hired over the years to make its case by hook or by crook. And Microsoft has the cash position to hire quite a few whores who will breathlessly tell us how good it was.

The conclusions of the Aberdeen dynamic duo happens to run counter to IBM's Open Source strategy - If Open Source is as insecure as these two clowns assert, then (a) IBM's multibillion dollar investment in Open Source is a dud and (b) IBM, the very epitome of a conservative company when it comes to risk taking, has deliberately put its customers at risk. Yeah, and every morning I become totally awake by sticking my finger in my eye, too!

This is not to say that the NSA for example should not take the lead in helping make Linux more secure - the NSA should, considering how much Linux gave the NSA. And the NSA should flush Microsoft's whinings about NSA unfairly subsidizing the competition down the crapper where they belong. Microsoft's expertise on the concept of fair competition is suspect for the same reason that the credibility of a $450 bil company that has been convicted in Federal Court of anticompetitive practices should be in doubt.

One last thing: if Microsoft wants to build secure products, then it may have to scrap its "rank and yank" promotion system whereby the bottom 5% of its developers get the boot every six months. And it will have to be a lot less promiscuous in hiring consultants rather than employees. From a security point of view, it does no good for a product to have code whose original authors have disappeared and that only they really understand.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/127/17263#17263