Microsoft Trustworthy Computing; lessons learned from IE vulnerability

Microsoft learned of a vulnerability in IE 7 on “Patch Tuesday” December 9, and had a fix published for download eight days later. Now, Microsoft’s Michael Howard takes an interesting look at the lessons learned. Building, testing, and releasing a patch, especially a patch that affects Internet Explorer that runs on all supported versions of Windows […]

Microsoft learned of a vulnerability in IE 7 on “Patch Tuesday” December 9, and had a fix published for download eight days later. Now, Microsoft’s Michael Howard takes an interesting look at the lessons learned.

Building, testing, and releasing a patch, especially a patch that affects Internet Explorer that runs on all supported versions of Windows - in about a week - meant there were some software engineers working a string a very long days to get the patch out. No small effort, I’m sure.

But the question remains: how do flaws of this magnitude get into the final product? It’s been since 2002 when Bill Gates issued that now famous e-mail that demanded change.

Full Article