Incentive to do your job

eEye and Determina have both put out third-party fixes for the latest Microsoft IE patch. The relative public utility of this altruistic move is difficult to determine. On the one hand, we have two companies that have stepped up and cut off the obvious lead time that worm writers and other malicious web site operators intent on owning your PC would otherwise have. Once the flaw is announced, everyone has to sit on their hands until Patch Tuesday rolls around. Smaller firms are the most likely to be hit and the least important to someone like Microsoft. Providing this patch is a good thing, then, since Microsoft is incapable of producing a Quality Assured patch in time.

On the other hand, it is possible that Microsoft could produce the patch if it leveled more resources at the issue. Fixing products they have already received revenue for is nothing but a cost center for Microsoft. They have only negative press, which bleeds more cost from future sales, to inspire them to put out patches in a timely fashion. If Microsoft’s work is done for them by “do-gooders” like eEye, then what use is it to pressure Microsoft to put out the patch sooner? What if there wasn’t an eEye there to do their work for them?

An interesting (unconfirmed) post on Slashdot from one of the Determina engineers:

Source code for the eEye patch. Written by Derek Soeder

