Quality and Testing
But in spite of this, Linux is often touted as a more secure platform. This is due in part to the "many eyeballs" maxim of open-source software, which claims a correlation between the number of developers looking at code and the number of bugs found and resolved, Ballmer said. "While this has some validity, it is not necessarily the best way to develop secure software," he said. "We believe in the effectiveness of a structured software engineering process that includes a deep focus on quality, technology advances and vigorous testing to make software more secure." Citing another research report from Forrester, titled "Is Linux More Secure than Windows?," Ballmer said this highlighted "that the four major Linux distributions have a higher incidence and severity of vulnerabilities, and are slower than Microsoft to provide security updates."Ballmer recently also talked about security at the recent Gartner Symposium/ITxpo, but frustrated Windows users there said actions speak louder than words when it comes to Ballmers promise that Microsoft will fix the security vulnerabilities in his companys computing platform. Read more here about user reaction to Ballmers promises of improved security. "Trust is not a word that I would use" in relation to Microsofts promises on security, said Paula Dallabetta, director of product marking at CreekPath Systems Inc., a storage management software producer based in Longmont, Colo. She said she has no reason to trust Microsoft because it "hasnt delivered anything to date" that improves the security situation. On the indemnification front, Ballmer said a top issue for customers is patent indemnification. The company had now lifted the cap at the amount the customer had paid for the software, for its volume licensing customers: those most likely to be the target of an IP lawsuit. Next Page: Comparing indemnification plans.
"According to Forrester, Microsoft had the lowest elapsed time between disclosure of a vulnerability and the release of a fix," he said. "They found that Microsoft addressed all of the 128 publicly disclosed security flaws in Windows over the 12-month period studied, and that its security updates predated major outbreaks by an average of 305 days."