Over many years and many releases, Microsoft software has proven vulnerable to a plague of viruses, worms, Trojans, malware and other security snafus, the extent of which would boggle any reasonable mind.
You know what happened or rather, what happens. Microsoft puts out a new release and, like clockwork, fresh security problems are announced. Go to eSecurityPlanet and youll see a constantly refreshed list of Windows viruses its about five to ten per day.
Pity the poor Windows user whose system is not enclosed in a fortress of the latest, greatest, extra-strength security software. Remember the I Love You worm? A single Trojan crafted by a lowly computer student brought down email systems from the CIA to the British Parliament.
In fairness, some security experts note that any OS with a user base as big as Windows would necessarily have problems. Its large market share makes it a fat target for legions of script kiddies worldwide (and worse, the fraudsters who make money selling knowledge of vulnerabilities).
But regardless of whether its Microsofts fault, is there not some way to find virtually all of a programs holes before its released to the public?
Heres an idea. Prior to release, Microsoft could hire fifty of the worlds top hackers, give them $10,000 a week and all the pizza and Red Bull they can consume. Set them up in a big warehouse in Redmond and turn them loose on the beta version. For every hack they find, give them a $50,000 bonus. At the end of three months, the hacker whos found the most vulnerabilities gets a $1 million grand prize and is allowed to throw a cream pie at Bill Gates. (Okay, maybe you leave out the cream pie bit it might not fly with senior management.)
Sure, the scheme would cost Microsoft a few million, but when the software was done being punished, itd be reasonably close to bulletproof. If, for example, Vista had been put through this trial by fire, this hack likely wouldnt have been discovered post release. Why is it that an obscure Russian hacker can find something that all the talent in Redmond cant find?
Moral of the Story:
Its not enough to ask company programmers to test your software. Its not even enough to release a beta version to well-regarded professionals. If you want really tough software, you have to allow some real-world poking and prodding prior to release.