Oracle's security chief says the software industry is so riddled with buggy product makers that "you wouldn't get on a plane built by software developers."
Chief Security Officer Mary Ann Davidson has hit out at an industry in which "most software people are not trained to think in terms of safety, security and reliability." Instead, they are wedded to a culture of "patch, patch, patch," at a cost to businesses of $59 billion, she said.
"What if civil engineers built bridges the way developers write code?" she asked. "What would happen is that you would get the blue bridge of death appearing on your highway in the morning."
Speaking at the WWW2006 conference in Edinburgh, Scotland, on Thursday, Davidson also touched on the wider subject of the state of the software and security industries.
The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a "tipping point," she said.
It is now "chief executives who are complaining that what they are getting from their vendor is not acceptable, in terms of software assurance," Davidson said.
Things are so bad in the software business that it has become "a national security issue," with regulation of the industry currently on the agenda, she said. "I did an informal poll recently of chief security officers on the CSO Council, and a lot of them said they really thought the industry should be regulated," she said, referring to the security think tank.
But if regulation is coming, the industry has only itself to blame, she said.
"Industries don't want to be regulated, but if you don't want to be regulated, the burden is on you to do a better job."
Davidson also hit out at the "hacking mentality," and the incidence of exploits that could cause "a million dollars worth of damage...passed around freely at conferences." She said there was a major difference between people working in the software business and engineers who "are trained to think in terms of safety, security and reliability first."
She claimed that the British are particularly good at hacking as they have "the perfect temperament to be hackers--technically skilled, slightly disrespectful of authority, and just a touch of criminal behavior."
Colin Barker and Jonathan Bennett of UK.Builder.com reported from London.
Not that I disagree with Ms. Davidson, but she does realize who she works for, correct???? She might want to guide the rest of the industry by leading Oracle to a patch-free product first.
Not that I disagree with Ms. Davidson, but she does realize who she works for, correct???? She might want to guide the rest of the industry by leading Oracle to a patch-free product first.
Related news stories about recent Oracle vulnerabilities
Oct 27, 2005: Flaw hunters pick holes in Oracle patches <a class="jive-link-external" href="http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl" target="_newWindow">http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl</a>
Oct 27, 2005: Oracle password system comes under fire <a class="jive-link-external" href="http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn" target="_newWindow">http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn</a>
Nov 1, 2005: Halloween treat for Oracle: A database worm <a class="jive-link-external" href="http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html" target="_newWindow">http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html</a>
Related news stories about recent Oracle vulnerabilities
Oct 27, 2005: Flaw hunters pick holes in Oracle patches <a class="jive-link-external" href="http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl" target="_newWindow">http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl</a>
Oct 27, 2005: Oracle password system comes under fire <a class="jive-link-external" href="http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn" target="_newWindow">http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn</a>
Nov 1, 2005: Halloween treat for Oracle: A database worm <a class="jive-link-external" href="http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html" target="_newWindow">http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html</a>
Well, what is regulation other than "fines and such" for not doing what the government dictates?
Here's the problem: For open source, who gets held accountable? If it's the keeper of the kernel, so to speak, such regulation could effectively kill open source. What company in their right mind would allow unaccountable non-employees to contribute to their code if it could potentially expose them to fines when the bugs inevitably turn up?
Less jobs lost to outsourcing? You're kidding right? This would help to drive it even harder because as a "cost" to building software developers and testers can be found cheaper in other places such as China and India. And as some of them tout being CMM Level 5 (another joke) they will get the work too. The business people in the industry will keep pushing for cheaper labor in order to maximize the profit line, only when they begin to loose profit will they consider putting the money into the Testing/QA practices and other process related things that will make their products better. Software has always been a first to market / profit driven business, and always will be. Security and reliability are only considered when it hurts the pocket book of the CEO. The solution to the problem is to look in the mirror and decide that an investment in internal process and Testing/QA is the way to improve the revenue stream by improving the reliability of the software. This along with higher customer satisfaction and renewal of licenses will improve the P&L. But it is a long term solution that a lot of companies do not want to invest in. The majority of software companies do not think this way.
Well, what is regulation other than "fines and such" for not doing what the government dictates?
Here's the problem: For open source, who gets held accountable? If it's the keeper of the kernel, so to speak, such regulation could effectively kill open source. What company in their right mind would allow unaccountable non-employees to contribute to their code if it could potentially expose them to fines when the bugs inevitably turn up?
Less jobs lost to outsourcing? You're kidding right? This would help to drive it even harder because as a "cost" to building software developers and testers can be found cheaper in other places such as China and India. And as some of them tout being CMM Level 5 (another joke) they will get the work too. The business people in the industry will keep pushing for cheaper labor in order to maximize the profit line, only when they begin to loose profit will they consider putting the money into the Testing/QA practices and other process related things that will make their products better. Software has always been a first to market / profit driven business, and always will be. Security and reliability are only considered when it hurts the pocket book of the CEO. The solution to the problem is to look in the mirror and decide that an investment in internal process and Testing/QA is the way to improve the revenue stream by improving the reliability of the software. This along with higher customer satisfaction and renewal of licenses will improve the P&L. But it is a long term solution that a lot of companies do not want to invest in. The majority of software companies do not think this way.
bridge makers don't have to put up with ever changing requirements
They just have to build a bridge.
With software - the requirements are always changing by the user.
Of course some bridges don't work completely - they don't stand up to earthquakes, or can't hand an airplane crashing into them, or a boat/barge and they also get destroyed/broken. They also don't last forever and eventually fall apart.
hm, I've got an old bridge running great in the new environment
With a boot time of second, DOS runs pretty damn good in this changed environment of hardware.
Heck, I could still be happily using it for more than just a BBs platform if I didn't have to interact with other platforms. Well, and if the IP protocol support didn't suck. But then, driver support and game publishing for DOS has follen rather out of fashion.
Mind you, if I'd had access to Unix rather than Dos when I was seven I'd likely have never touched winblows.
The fact that software requirements can change doesn't mean that more bugs have to be introduced.
Despite this persons employer, the points are valid.
I suspect the complaints are from lazy half-ass developers who don't know 10% of what they think they do abut software security. It is alarming how many professional programmers really don't understand what is going on in hardware, thus don't understand security issues.
If the software industry doesn't start cleaning up its act and take responsibility for its products(through warranties and other guarentees), governemt will step it and that will be to the detriment of everyone.
most bridges take 2-3 years to design,factoring in the weather,water currents,structural capabilties,then when its being built,another 2-3 years,it goes under more revisions,then its inpected,certified..and remember the engineers are certified&licenced..the last thing they want is that bridge to fail,because if it does, it will be the end of them and the companies that built it,both will be bankrupted by lawsuits...you 'softies'got it easy..
bridge makers don't have to put up with ever changing requirements
They just have to build a bridge.
With software - the requirements are always changing by the user.
Of course some bridges don't work completely - they don't stand up to earthquakes, or can't hand an airplane crashing into them, or a boat/barge and they also get destroyed/broken. They also don't last forever and eventually fall apart.
hm, I've got an old bridge running great in the new environment
With a boot time of second, DOS runs pretty damn good in this changed environment of hardware.
Heck, I could still be happily using it for more than just a BBs platform if I didn't have to interact with other platforms. Well, and if the IP protocol support didn't suck. But then, driver support and game publishing for DOS has follen rather out of fashion.
Mind you, if I'd had access to Unix rather than Dos when I was seven I'd likely have never touched winblows.
The fact that software requirements can change doesn't mean that more bugs have to be introduced.
Despite this persons employer, the points are valid.
I suspect the complaints are from lazy half-ass developers who don't know 10% of what they think they do abut software security. It is alarming how many professional programmers really don't understand what is going on in hardware, thus don't understand security issues.
If the software industry doesn't start cleaning up its act and take responsibility for its products(through warranties and other guarentees), governemt will step it and that will be to the detriment of everyone.
most bridges take 2-3 years to design,factoring in the weather,water currents,structural capabilties,then when its being built,another 2-3 years,it goes under more revisions,then its inpected,certified..and remember the engineers are certified&licenced..the last thing they want is that bridge to fail,because if it does, it will be the end of them and the companies that built it,both will be bankrupted by lawsuits...you 'softies'got it easy..
If software vendors didn't have the EULA to protect them, software would be released as more of a finished product. As it is now, software is routinely released as a work in progress. For an example: if Microsoft were to fight as hard for the right to introduce Windows with no need for virus protection as they do for the right to add a media player, it may be worth close to what they charge for it.
If software vendors didn't have the EULA to protect them, software would be released as more of a finished product. As it is now, software is routinely released as a work in progress. For an example: if Microsoft were to fight as hard for the right to introduce Windows with no need for virus protection as they do for the right to add a media player, it may be worth close to what they charge for it.
The problem with comments like this is that it makes software developers look bad, when in actual fact software developers know how to make secure and reliable software. problem is you have managers who dont understand software quality and how long it takes to program. Less and less time is given to the coding aspect of a lifecycle and more to testing/fixing which if you do the coding right u need less time for testing/fixing, and more pressure is put on developers to rush using quick fixes instead of doing something properly! Then higher up you have the customer who wants more, for less money in less time, its like forcing a surgeon to do a heart transplant in 5 minutes, you expect perfection in 5 minutes?
It's too easy to blame the developer, so thats what happenes!
The problem with comments like this is that it makes software developers look bad, when in actual fact software developers know how to make secure and reliable software. problem is you have managers who dont understand software quality and how long it takes to program. Less and less time is given to the coding aspect of a lifecycle and more to testing/fixing which if you do the coding right u need less time for testing/fixing, and more pressure is put on developers to rush using quick fixes instead of doing something properly! Then higher up you have the customer who wants more, for less money in less time, its like forcing a surgeon to do a heart transplant in 5 minutes, you expect perfection in 5 minutes?
It's too easy to blame the developer, so thats what happenes!
And just look who's talking... I mean this is a good example of the pot calling the kettle black... (* ROFLOL *)
Looks like they're trying to place everybody else in the same bandwagon which they've found themselves in.
But it just doesn't work that way. Some of what she says has merit, but much is ado about making them look "NOT SO BAD"! (* ROFLOL *)
Bottom Line: There is NO SUCH THING as 100% SAFE software... and thus patches are required. But she's going on and on about how to develop a 100% secure application which is just impossible.
And just look who's talking... I mean this is a good example of the pot calling the kettle black... (* ROFLOL *)
Looks like they're trying to place everybody else in the same bandwagon which they've found themselves in.
But it just doesn't work that way. Some of what she says has merit, but much is ado about making them look "NOT SO BAD"! (* ROFLOL *)
Bottom Line: There is NO SUCH THING as 100% SAFE software... and thus patches are required. But she's going on and on about how to develop a 100% secure application which is just impossible.
I'm a bit mystified as to why execs suddenly wake up and whine about the shoddy quality of software.
It just shows that they themselves don't have a clue about what's going on and that they don't give a flip about EULA's. I mean, that's for the legal eagles to worry about right?
Ever read a EULA carefully? I refer to the bit where they say: "This software product is delivered as is and offers no guarantee of usability whatsoever NOT EVEN FOR THE PURPOSE IT WAS SOLD FOR". Not exact wording, but it's close enough for this purpose. What they say is that although they will claim it's the best thing since sliced bread, they don't have enough confidence in their own product that they will guarantee that it will perform its base functionality. Just that: we don't guarantee that it will actually work.
And you believe they would be concerned with luxuries as safety when they can't even guarantee that their product will do what you buy it for?
Users have to realise that a large application can't be created in three weeks time by 4 people on a shoestring budget. Execs want that, shareholders demand it, but it doesn't work like that. Microsoft's Vista qualms show very clearly how difficult it is to make something as complex as an OS [and then you have to worry about how good it will be in the end. Hint: read the EULA ;)]
I'm a bit mystified as to why execs suddenly wake up and whine about the shoddy quality of software.
It just shows that they themselves don't have a clue about what's going on and that they don't give a flip about EULA's. I mean, that's for the legal eagles to worry about right?
Ever read a EULA carefully? I refer to the bit where they say: "This software product is delivered as is and offers no guarantee of usability whatsoever NOT EVEN FOR THE PURPOSE IT WAS SOLD FOR". Not exact wording, but it's close enough for this purpose. What they say is that although they will claim it's the best thing since sliced bread, they don't have enough confidence in their own product that they will guarantee that it will perform its base functionality. Just that: we don't guarantee that it will actually work.
And you believe they would be concerned with luxuries as safety when they can't even guarantee that their product will do what you buy it for?
Users have to realise that a large application can't be created in three weeks time by 4 people on a shoestring budget. Execs want that, shareholders demand it, but it doesn't work like that. Microsoft's Vista qualms show very clearly how difficult it is to make something as complex as an OS [and then you have to worry about how good it will be in the end. Hint: read the EULA ;)]
Wow, I find that to be an interesting remark from a company from which I have rarely seen such buggy products by! But hey, moral is good, double-moral must be twize as good.
Chinese authorities have reportedly taken iPads from a third-party retailer, a move apparently brought on by Apple's continued refusal to honor a trademark for the iPad name owned by a Chinese manufacturer.
NY professor believes that a word-based algorithm can help bring together those who believe, with one glimpse, that they have found and lost the love of their lives.
Along with green-lighting Google's buy of Motorola, the Justice Department today OKs an Apple-Microsoft-RIM partnership deal to buy Nortel patents, and Apple's plan to acquire Novell patents.
Chamtech's spray-on antenna uses a nano material to provide a low-power boost to antenna range. The wireless-in-a-can product may some day bring an end to unsightly cell towers.
This week, we pass around Sony's new PlayStation Vita for some hands-on testing, check out HP's newest Beats Audio laptop, and debate the best and worst Valentine's Day gadget gifts.
EnerG2 opens a plant to make an engineered carbon that will improve performance of energy storage devices and make storage for start-stop hybrid cars less expensive.
<a class="jive-link-external" href="http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl" target="_newWindow">http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl</a>
Oct 27, 2005: Oracle password system comes under fire
<a class="jive-link-external" href="http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn" target="_newWindow">http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn</a>
Nov 1, 2005: Halloween treat for Oracle: A database worm
<a class="jive-link-external" href="http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html" target="_newWindow">http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html</a>
Seems that the pot is calling the kettle black?
Kevin
<a class="jive-link-external" href="http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl" target="_newWindow">http://news.com.com/Flaw+hunters+pick+holes+in+Oracle+patches/2100-1002_3-5916171.html?tag=nl</a>
Oct 27, 2005: Oracle password system comes under fire
<a class="jive-link-external" href="http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn" target="_newWindow">http://news.com.com/Oracle+password+system+comes+under+fire/2100-1002_3-5918305.html?tag=st.rn</a>
Nov 1, 2005: Halloween treat for Oracle: A database worm
<a class="jive-link-external" href="http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html" target="_newWindow">http://news.com.com/Halloween+treat+for+Oracle+A+database+worm/2100-7349_3-5926641.html</a>
Seems that the pot is calling the kettle black?
Kevin
<a class="jive-link-external" href="http://news.com.com/2100-7344-6069363.html?tag=tb" target="_newWindow">http://news.com.com/2100-7344-6069363.html?tag=tb</a>
Fines and such work well for commercial companies, and they also need to clean up their acts.
On the bright side, if companies are held accountable for the quality of their software, we may see less jobs lost to outsourcing.
Here's the problem: For open source, who gets held accountable? If it's the keeper of the kernel, so to speak, such regulation could effectively kill open source. What company in their right mind would allow unaccountable non-employees to contribute to their code if it could potentially expose them to fines when the bugs inevitably turn up?
The solution to the problem is to look in the mirror and decide that an investment in internal process and Testing/QA is the way to improve the revenue stream by improving the reliability of the software. This along with higher customer satisfaction and renewal of licenses will improve the P&L. But it is a long term solution that a lot of companies do not want to invest in. The majority of software companies do not think this way.
<a class="jive-link-external" href="http://news.com.com/2100-7344-6069363.html?tag=tb" target="_newWindow">http://news.com.com/2100-7344-6069363.html?tag=tb</a>
Fines and such work well for commercial companies, and they also need to clean up their acts.
On the bright side, if companies are held accountable for the quality of their software, we may see less jobs lost to outsourcing.
Here's the problem: For open source, who gets held accountable? If it's the keeper of the kernel, so to speak, such regulation could effectively kill open source. What company in their right mind would allow unaccountable non-employees to contribute to their code if it could potentially expose them to fines when the bugs inevitably turn up?
The solution to the problem is to look in the mirror and decide that an investment in internal process and Testing/QA is the way to improve the revenue stream by improving the reliability of the software. This along with higher customer satisfaction and renewal of licenses will improve the P&L. But it is a long term solution that a lot of companies do not want to invest in. The majority of software companies do not think this way.
With software - the requirements are always changing by the user.
Of course some bridges don't work completely - they don't stand up to earthquakes, or can't hand an airplane crashing into them, or a boat/barge and they also get destroyed/broken. They also don't last forever and eventually fall apart.
Heck, I could still be happily using it for more than just a BBs platform if I didn't have to interact with other platforms. Well, and if the IP protocol support didn't suck. But then, driver support and game publishing for DOS has follen rather out of fashion.
Mind you, if I'd had access to Unix rather than Dos when I was seven I'd likely have never touched winblows.
Despite this persons employer, the points are valid.
I suspect the complaints are from lazy half-ass developers who don't know 10% of what they think they do abut software security. It is alarming how many professional programmers really don't understand what is going on in hardware, thus don't understand security issues.
If the software industry doesn't start cleaning up its act and take responsibility for its products(through warranties and other guarentees), governemt will step it and that will be to the detriment of everyone.
With software - the requirements are always changing by the user.
Of course some bridges don't work completely - they don't stand up to earthquakes, or can't hand an airplane crashing into them, or a boat/barge and they also get destroyed/broken. They also don't last forever and eventually fall apart.
Heck, I could still be happily using it for more than just a BBs platform if I didn't have to interact with other platforms. Well, and if the IP protocol support didn't suck. But then, driver support and game publishing for DOS has follen rather out of fashion.
Mind you, if I'd had access to Unix rather than Dos when I was seven I'd likely have never touched winblows.
Despite this persons employer, the points are valid.
I suspect the complaints are from lazy half-ass developers who don't know 10% of what they think they do abut software security. It is alarming how many professional programmers really don't understand what is going on in hardware, thus don't understand security issues.
If the software industry doesn't start cleaning up its act and take responsibility for its products(through warranties and other guarentees), governemt will step it and that will be to the detriment of everyone.
1) Software companies don't want to pay for the higher cost of doing software right.
2) Software companies learned from Gates that you need to be first to market to gain market share, then patch.
3) Not enough software engineers to meet companies demand for software.
You get the idea....
But hey! What do I know.
I *am* a software engineer!
1) Software companies don't want to pay for the higher cost of doing software right.
2) Software companies learned from Gates that you need to be first to market to gain market share, then patch.
3) Not enough software engineers to meet companies demand for software.
You get the idea....
But hey! What do I know.
I *am* a software engineer!
Of all the people... Oracle saying this? Surprising!! Not only their server systems, but their patches are also so full of bugs!
Of all the people... Oracle saying this? Surprising!! Not only their server systems, but their patches are also so full of bugs!
It is truly laughable :D
It is truly laughable :D
problem is you have managers who dont understand software quality and how long it takes to program. Less and less time is given to the coding aspect of a lifecycle and more to testing/fixing which if you do the coding right u need less time for testing/fixing, and more pressure is put on developers to rush using quick fixes instead of doing something properly!
Then higher up you have the customer who wants more, for less money in less time, its like forcing a surgeon to do a heart transplant in 5 minutes, you expect perfection in 5 minutes?
It's too easy to blame the developer, so thats what happenes!
problem is you have managers who dont understand software quality and how long it takes to program. Less and less time is given to the coding aspect of a lifecycle and more to testing/fixing which if you do the coding right u need less time for testing/fixing, and more pressure is put on developers to rush using quick fixes instead of doing something properly!
Then higher up you have the customer who wants more, for less money in less time, its like forcing a surgeon to do a heart transplant in 5 minutes, you expect perfection in 5 minutes?
It's too easy to blame the developer, so thats what happenes!
Looks like they're trying to place everybody else in the same bandwagon which they've found themselves in.
But it just doesn't work that way. Some of what she says has merit, but much is ado about making them look "NOT SO BAD"! (* ROFLOL *)
Bottom Line: There is NO SUCH THING as 100% SAFE software... and thus patches are required. But she's going on and on about how to develop a 100% secure application which is just impossible.
So much for her daydreaming! (* ROFLOL *)
Walt
Looks like they're trying to place everybody else in the same bandwagon which they've found themselves in.
But it just doesn't work that way. Some of what she says has merit, but much is ado about making them look "NOT SO BAD"! (* ROFLOL *)
Bottom Line: There is NO SUCH THING as 100% SAFE software... and thus patches are required. But she's going on and on about how to develop a 100% secure application which is just impossible.
So much for her daydreaming! (* ROFLOL *)
Walt
about the shoddy quality of software.
It just shows that they themselves don't have a clue about what's
going on and that they don't give a flip about EULA's. I mean,
that's for the legal eagles to worry about right?
Ever read a EULA carefully? I refer to the bit where they say: "This
software product is delivered as is and offers no guarantee of
usability whatsoever NOT EVEN FOR THE PURPOSE IT WAS SOLD
FOR". Not exact wording, but it's close enough for this purpose.
What they say is that although they will claim it's the best thing
since sliced bread, they don't have enough confidence in their
own product that they will guarantee that it will perform its base
functionality. Just that: we don't guarantee that it will actually
work.
And you believe they would be concerned with luxuries as safety
when they can't even guarantee that their product will do what
you buy it for?
Users have to realise that a large application can't be created in
three weeks time by 4 people on a shoestring budget. Execs
want that, shareholders demand it, but it doesn't work like that.
Microsoft's Vista qualms show very clearly how difficult it is to
make something as complex as an OS [and then you have to
worry about how good it will be in the end. Hint: read the
EULA ;)]
about the shoddy quality of software.
It just shows that they themselves don't have a clue about what's
going on and that they don't give a flip about EULA's. I mean,
that's for the legal eagles to worry about right?
Ever read a EULA carefully? I refer to the bit where they say: "This
software product is delivered as is and offers no guarantee of
usability whatsoever NOT EVEN FOR THE PURPOSE IT WAS SOLD
FOR". Not exact wording, but it's close enough for this purpose.
What they say is that although they will claim it's the best thing
since sliced bread, they don't have enough confidence in their
own product that they will guarantee that it will perform its base
functionality. Just that: we don't guarantee that it will actually
work.
And you believe they would be concerned with luxuries as safety
when they can't even guarantee that their product will do what
you buy it for?
Users have to realise that a large application can't be created in
three weeks time by 4 people on a shoestring budget. Execs
want that, shareholders demand it, but it doesn't work like that.
Microsoft's Vista qualms show very clearly how difficult it is to
make something as complex as an OS [and then you have to
worry about how good it will be in the end. Hint: read the
EULA ;)]