The bigger issue is Microsoft's overall posture when it comes to security.
While I know the majority of the software engineers at Microsoft are very dedicated to producing secure and stable code, Microsoft's overall corp stance has left alot to be desired.
Microsoft's business plan has always been pretty reactionary in nature.
Back when Microsoft started selling retail versions of DOS, Microsoft would wait for 3rd party developers to produce great OS utilities, then they would copy the idea
and incorparate this into the next release
of DOS. While many will say this was a good thing for consumers, I feel Microsoft should have been spending R&D money developing these concepts on thier own, not letting some 3rd party developer do the r&d, take the idea, and run the 3rd party company out of business.
When the Internet broke into the public consciousness, Microsoft only jumped on the bandwagon after it saw others making money, and released competing products.
Once again not developing new concepts.
Now we come to security, and Microsoft is only taking it serously now that they see they can make money with it
( http://www.securityfocus.com/news/10146 )

Looking back the last couple of years, of all the Microsoft products released, how many did NOT experience some form of a VERY SERIOUS vulnerability?

Microsoft has recieved a free ride both legaly and in the general press when it comes to accountability for it's security issues.

I fully understand Microsoft (like any properly run company) is in business to make money and fully support this.
What I'm saying is security should not be an optional upgrade to it's software.


[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/285/29663#29663