Posts

Showing posts from September, 2006

It's time for MS to break their patch cycle.

At what point did Microsoft completely lose touch with reality?
No no...not when they thought the Internet was a passing fad, or when BG said we'd never need more the 640k RAM, or when they flip-flopped on a SQL backend for Exchange and kept the Jet db engine.
I'm talking about Black Tuesday, Patch Tuesday...Microsoft's "that time of the month."
Enough already. The MSIE VML vulnerability drives home three key points.
1) The shortcomings in MS product and code are likely to remain perpetual and inevitable.
2) Bright, capable, well intended engineers will release their own patches in the hope of filling the gap until the next Patch Tuesday. Kudos to the Zeroday Emergency Response Team: ZERT
3) MS needs to buck up, admit to the fact that they're far from perfect, work with the community to improve their code and react faster, and ultimately, BREAK THE 30 DAY PATCH CYCLE, when necessary. No 0-day vulns? Fine, but when one is made public, rally the troops, write the p…