Perhaps someone can clarify something here. MS got 50 OEM partners over to Redmond to do reduce "the number of vulnerabilities shipped in its products"? Perhaps I'm being dense today, but what has OEM partners got to do with products being shipped with vulnerabilities? Shouldn't they concentrate more on the development team, rather than OEM partners?

Furthermore, with the recent 0-day IE7 exploit (and IIRC, some old bugs brought over from IE5/6), and them stating that IE7 was built under this "SDL" initiative, should we, as users of their products, need to worry?

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/351/1505#1505