Is Microsoft Overwhelmed with Vulnerabilities?
Information Week has an interesting quote from Jayson Jean, director of the iDefense vulnerability team at VeriSign, commenting on the recent out-of-cycle patch from Microsoft, saying:
"
Some of the Office bugs have not been as high a priority and with the .ANI vulnerability, Microsoft has really had their hands full," said Jayson Jean, director of the iDefense vulnerability team at VeriSign. "They did well by releasing this week's patch out of cycle. The problem was escalating quickly so there was a fair amount of pressure driving them."
I'm sure this isn't what Microsoft was expecting so soon after the highly marketed release of the uber-secure Vista operating system.
What this cold does of reality makes clear is that in spite of best efforts to build a more secure operating system (which Microsoft did) there is still a lot of vulnerable legacy code here. Upgrading operating systems is like taking vitamins, you'll probably be better off for it in the long run but it is no cure-all.
For Microsoft, and other software vendors, the lesson here is that no matter how secure and well designed your latest and greatest product is, once those production CDs are pressed, it is off to an ugly, hostile environment where.
Email This!
Digg it!
Sphere it!
Del.icio.us
Reddit!
Newsvine
