Study And Report Underscores IT's Ire Over Buggy Software, Microsoft Wants Secrecy

There are few things more aggravating than dealing with poorly written applications. Such software is rife with security holes, poor memory management, and is generally no fun to use. According to a article titled "Study: Shoddy software steams users," many corporate customers feel the same way. Further, companies want to know about problems, especially security problems, with software as soon as they are discovered. from the article:

A study of more than 300 companies published last week found that nearly 80 percent of companies support security consultants and hackers releasing information about software vulnerabilities even when the developers arenit prepared, and that they want news of potential flaws within a week.

The desire for greater and more rapid disclosure comes more out of spite than as a way to increase security. Slightly more than half of those in favor of disclosure seemed to support it as a way to embarrass software companies that havenit done an adequate job busting bugs in their programs, rather than as a way to protect themselves against future attack.

"They are tired of software vendors not writing good code," said Pete Lindstrom, director of security strategies for the Hurwitz Group, a technology consultancy. "The end users are the ones saying we donit care about time periods, we donit care about patches--just get the information out."

As you might expect, the worldis largest software company, Microsoft, would have something to say about it. The article reports that Microsoft would prefer to hold onto information about software flaws until a fix can be made. From the article:

The findings undermine the push by several software makers, most notably Microsoft, and some security consultants, to define "responsible" disclosure as the release of information after a developer has had a chance to create a patch or after 30 days, whichever comes first. The fact that corporate software customers--those hurt worst by software makersi slipups--disagree with the delayed-disclosure policy removes a much-touted claim from the developersi side of the debate that they have customersi interests at heart.

Stop by and read the full article.