RSS
Microsoft's Mythical Man Years
from the misleading-the-public dept
Salon takes Microsoft to task for claiming that they're putting more "man-years" of reviews into the security of their code than the open source community ever has. The article first points out that it's pretty well established these days that throwing more developers at a particular project doesn't tend to make it better or faster - and in fact can do just the opposite. More importantly, he talks about the basic nature of how security checks are done on open source code - which is that a ton of real life tests are thrown at it very quickly. The stress testing is real - and as soon as an error is found, it's possible to figure out where the hole was and work on fixing it. Testers get prestige for finding and fixing holes. In Microsoft's world, no matter how many "man-years" they throw at it, they're testing stuff in a lab - and not the real world. Even worse, you're left trusting Microsoft that they've fixed the holes, rather than being able to check for yourself in open source code. It's nice that Microsoft is trying to improve their "trustworthiness" - but they shouldn't mislead the public about the effectiveness of their methods.
1 Comments | Leave a Comment..
- If The RIAA Wants To Talk About Misinformation Campaigns, Let's Start With The RIAA's Misinformation Campaign
- UK Report Blames The Internet For Terrorism, Says ISPs Should Take Down Content
- NY Times: RIAA & MPAA Exaggerate Piracy Impact Stats... But We're Going To Assume They're True Anyway
- Author Jonathan Franzen Thinks That Ebooks Mean The World Will No Longer Work
- Misguided Twitter Protests... And Why Twitter Could Have Explained Itself Better
Reader Comments (rss)
(Flattened / Threaded)
Mythical Man Month doesn't apply to QA
I still don't trust MS though :)
[ reply to this | link to this | view in thread ]
Add Your Comment