Can MS deliver perfect patches every time?
By Ryan Russell The last few years, I’ve found myself doing quality-assurance work for a vendor that sells software to large enterprise customers. That means, among other things, that I’m responsible for checking the updates and patches that go out to those customers. I also find myself somewhat sympathetic to other vendors regarding how long it takes to prepare a good patch release. I don’t think there’s a one-size-fits-all amount of time before a patch must be released. However, I can see that the 30 to 60 days that some vulnerability researchers call for is often on the low side. To be sure, there’re some extreme cases that I find appalling. For example, David Litchfield claims Oracle took around two years to release a set of patches, which reportedly failed to actually fix many of the problems. I’ll take David’s word for it, since he found those issues in the first place. Against that standard, Microsoft doesn’t look too bad. In fact, Microsoft has a very good reason to try to get
