Microsoft's Mythical Man Years

from the misleading-the-public dept

Salon takes Microsoft to task for claiming that they’re putting more “man-years” of reviews into the security of their code than the open source community ever has. The article first points out that it’s pretty well established these days that throwing more developers at a particular project doesn’t tend to make it better or faster – and in fact can do just the opposite. More importantly, he talks about the basic nature of how security checks are done on open source code – which is that a ton of real life tests are thrown at it very quickly. The stress testing is real – and as soon as an error is found, it’s possible to figure out where the hole was and work on fixing it. Testers get prestige for finding and fixing holes. In Microsoft’s world, no matter how many “man-years” they throw at it, they’re testing stuff in a lab – and not the real world. Even worse, you’re left trusting Microsoft that they’ve fixed the holes, rather than being able to check for yourself in open source code. It’s nice that Microsoft is trying to improve their “trustworthiness” – but they shouldn’t mislead the public about the effectiveness of their methods.

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Microsoft's Mythical Man Years”

Subscribe: RSS Leave a comment
1 Comment
Anonymous Coward says:

Mythical Man Month doesn't apply to QA

The concept of the “Mythical Man Month”, while very true regarding actual developers, does not, in my experience, apply to QA. You *can* throw more QA at a product and increase its stability/security, as long as the development process remains *controlled* as before, with roughly the same number of developers.

I still don’t trust MS though 🙂

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...