This month's Black Tuesday -- Sept. 10, 2013 -- enters the record books as Microsoft's most patch-botching month in history. That's quite an accomplishment, frankly. Having followed Microsoft's bungled patch efforts since long before the ascendancy of Patch Tuesday, I think there's a better -- if rather unorthodox -- way to manage patching.
The release dilemma is quite straightforward: Microsoft has to test the patches without letting them leak to the bad guys. Conventional wisdom dictates that if the bad guys can reverse engineer the patches before they roll down the Automatic Update chute, Windows as we know it will cease to exist. However, given the recent revelations of governmental stockpiling of zero-days, the ascendancy of companies that specialize in selling such zero-days to governments and corporate spies alike, and the fascinating proposal that the U.S. government share its zero-day trove with private companies (for a fee, of course), I think the day-and-date exposure threat is way overblown.