Re: Microsoft and Security

["Justin Wheeler" <jwheeler () datademons com>]

On Friday 25 June 2004 20:53, http-equiv () excite com wrote:
> > What's happening here. Where is the Microsoft representative
> > explaining all of this to the shareholders and "customers" they
> > so dearly wish to protect.  This is unacceptable.  Someone must
> > be held accountable.
>
> Although I do agree on most of your words, I hardly find this list
> appropriate for such rants. You're talking to people who already know
> this, and do not forget that Microsoft doesn't play security game like
> Open Source people do. It is two different worlds, really. While OS people
> might just sit down, write a patch and publish it, MS people would have to
> write patch, submit it to QA, see that it doesn't break something else,
> see that it doesn't make the end-user experience less comfortable, and
> only then release it to the public (takes time, doesn't it?).

*snip*

Perhaps that'd be a better argument, if there weren't countless patches
from MS in the past that broke other things..
(http://www.securityfocus.com/archive/1/OF6CB1254D.22B27464-ON85256E89.004FB
436-85256E89.0050E58D () seba com/2004-06-25/2004-07-01/0 for example).

And I'd also be more likely to believe that if there weren't MS patches out
there that fix one particular bug, but completely ignore other ones that are
nearly IDENTICAL to it.

Justin