In six years of Patch Tuesdays, 400 security bulletins, 745 vulnerabilities

Has Microsoft reached its limit for debugging software?

The sheer number of patches Microsoft releases each month shows the company may have reached the "inherent limits" of the software debugging process, said Amichai Shulman, CTO at security vendor Imperva in a blog post.

Microsoft could not be reached for comment at deadline.

Microsoft has been investing more than any other company in secure coding practices with its software development life cycle process, Shulman said. Yet in the past year, the number of vulnerabilities is still on the rise. What that shows is that "there is a point in time in which any increase in QA resources (and time) has a negligible effect over software quality," he said. "This is giving us an excellent perspective about the inherent limitations of SDLC as the first and last line of defense when it comes to information security," he said.

"The crooks tend to spend the majority of their effort on Windows," because of its huge market share, said Tim O'Pry, CTO at the Henssler Financial Group in Kennesaw, Ga. While the sheer number of patches released by Microsoft is "a royal PIA for system administrators," Microsoft is getting better at locking down some of the bigger holes in their operating systems, he said.

One big reason why Microsoft is still reporting so many vulnerabilities is that they have "decided to drag the ball and chain of backward compatibility with them from the DOS days," O'Pry said. But overall, "I think Microsoft is doing a reasonable job considering the huge installed base and their attempts to break as little as possible," from a backward compatibility standpoint, he said.

Matt Kesner, chief technology officer at Fenwick & West LLP in Mountain View, Calif., said it isn't surprising that during times of economic trouble there are more attempts to exploit systems.

"So, on the one hand we applaud Microsoft's continuing efforts to patch its software in a timely manner," he said. "On the other hand, the number of patches shows that security still isn't a primary consideration when software is written."
