As Microsoft continues to issue emergency patches for the latest version of Windows, and to trumpet the release of a new version which is likely to be even more full of holes, I’m wondering how long business users and customers will put up with this blatant disregard for data security.
License Sales Driving New Versions
Like most software companies, Microsoft makes its money from new license sales. That’s the driver for releasing new versions, and for artificially shortening the lifespan of existing products. In order to speed up the revenue generation cycle, and to maximize profit, Microsoft has quite clearly chosen to release beta-quality software and let its user ecosystem find the flaws in the wild. Surely that’s not acceptable for business use – but it seems to be accepted nonetheless.
Industry security standards such as PCI DSS place great importance on using supported software with the latest patches. But what if this software is actually a crock? Whose responsibility is it to declare that these products are not fit for purpose? Would it not make more sense to stick with the tried and tested versions such as Windows 7 or Windows Server 2003, rather than moving to versions which have not had the same level of testing and hardening in the real world? These older versions can be supported by 3rd party providers, and the need for patching is rare.
Is Open Source The Answer?
If Microsoft and other vendors continue to release software which leaks like a sieve, should we – like the Jumblies – be prepared to leap in and set sail, with no more assurance than the pink tissue paper of statutory compliance? Compliance doesn’t prevent security breaches, as we see all too often.
Should business move to open source? Should Microsoft make its products open source, and allow the wider IT community to fix them as well as testing them? Should we end the cycle of constant upgrades, and stick with tried and trusted versions? Or should we continue to buy poor software and hide behind compliance certificates, as the water level rises around us?
If you have any questions about your software security, or if you are sick of constantly having to upgrade and would like to learn about other options available to you, contact PSShelp on:
Call US: 877 289 7770
Call UK: 0800 012 4054