Microsoft’s unpatched security bugs



George Ou at ZDnet is mystified (as many of us are) at why Microsoft can’t patch ALL their security vulnerabilities. Most of the unpatched vulnerabilities are considered minor (as was the 6 month old bug that in the last week was discovered could be exploited for more than a Denial of Service…) His point is, if small companies (even open source groups) can patch ALL security bugs big and small, then why can’t Microsoft with it’s legions of coders?


This is one of those sore points for me with regards to Microsoft. Given their vast resources (money and programmers) I don’t see why they would let a security bug sit for months or even years. This is one of the things that has given me greater respect for open source projects, seeing bugs patched with reasonable speed and thoroughness. (How Microsoft can claim that they’re average disclosure-patch time is less than comparable open source software is beyond me. I saw one claim a while back of within 24 hours…. that must be from when they disclose it (announced at the same time as patches)).

To be fair, I think there are some unpatched Firefox vulnerabilities at the moment, but once again I invite visitors to go to the secunia page for both products….

firefox 1.x 3 unpatched.
Internet Explorer 6.x 21 unpatched.
Opera 8.x 1 unpatched.

(and the Opera vulnerability is 12 days old…)

I would invite folks to try out either Opera or…

For that matter though, I would like to see Firefox deal with the unpatched vulnerabilities.

However, Microsoft makes more than a web browser and in his post he lists each of the unpatched XP vulnerabilities. His hope is to hear an ETA from Microsoft on a fix…. good luck with that one.

   Send article as PDF   

Similar Posts