Patch timelines are excessive
For an organization the size of Microsoft, 90 days is equivalent to years of developer time. If a single security bug is so massively severe that they can't get the patch together and tested in 30 days, the flaw can only be a symptom of a much larger problem: the problem of poor coding in the initial product. This policy of releasing pre-beta quality code as a finished product, and releasing fixes (not feature enhancements but actual code fixes) across the entire planned lifespan of the product (sometimes even through extended lifespans) Is Not Normal and should not be considered Acceptable.
- Just because everyone starts bashing themselves in the face with a hammer one day does Not make the behavior normal -
The problem is only getting worse, not better. So kudos to Google for automating the notification process and shame to Microsoft for dragging its feet on fixing a Security bug in its current flagship desktop product. If there is a problem here, it is in Microsoft's bureaucracy, not its technical resources to achieve a timetable. And if the flaw is so severe that it actually took more than 2 months to create a fix, consider the timetable of development for the whole Windows 8 abomination and its subsequent 8.1 reboot. That 2 months is suddenly a pretty significant chunk of development time in which massive changes can alter a product for good or ill. (Sorry, but I really dislike supporting Windows 8.x)
I will fully acknowledge debugging code is harder than writing crap code to start with, but ya know what's easier? Supporting code that was well written and tested to start with. Oh, but sales and marketing says it's not as profitable as the eternal bug fix. 'Nuff said.