Re: The real blame goes to..
Let's not forget that the attack vectors are all Microsoft's doing. IF they wold concentrate on putting out better software instead of shiny software or bloated software, none of this would occur.
You can only patch bugs you know about. You can only know about bugs by discovering them during testing, or by someone else discovering them and telling you about them. MS did patch this stuff once they learned of the problem, but the NSA should've spoken up the moment they found the flaws. The NSA, as I understand it, is an organisation with a job to protect the data security (and the interests of) US citizens and corporations. By covering up this flaw, they've failed in this regard in many ways, not the least being the amount if ill-will that has increased towards the US and her citizens as a result of their actions.
MS could've done better, sure - but their closed-source doesn't quite have the benefit of well-intentioned interested parties looking over it for things to improve, which is a big help at times to those in the Open Source camps. Every programmer leaves bugs in their code, many found because they stop compiling, many more found because of an obvious flaw during execution, and some that lie hidden for decades because a) no one thinks of the test that would find them and b) nothing happens in the wild to trigger the flaw.
Writing software is difficult. Fixing bugs is difficult and a pain. But building test rigs that can catch every bug? That's incredibly hard, and no one has managed it yet. Though that said, I understand some basic testing tools would've found the flaw in SMB1?
it is getting to a point that we need less innovation/new features and more stability/security. We have become too accustomed to the quick release-fix it in an update cycle. These are the consequences.
That I agree with you on. I'd much rather computing be a few years behind where we are now, with the advantage that some of the painful talks I've had to have with people over lost data (eg kids photos) would never have happened.
Biting the hand that feeds IT
