Friday, May 22, 2020

On "Patching" II

The tolerance of the IT community for poor software quality seems infinite.  The "quality" strategy of major software vendors is to push the cost of quality onto the customers.  The more customers they have the greater the cost.  Instead of "doing it right the first time," the vendors push out late patches.  From the rate at which they push out patches one may Infer that there is a reservoir of vulnerabilities.  Their customers have had to allocate resources and organize them around "patching."  They are almost grateful for the fixes.  

The market, the collective of buyers, prefers systems that are open, general, flexible, and that have a deceptively low price.  The real cost includes the cost of perpetual patching, the unknown cost of accepting the unknown risk of all the vulnerabilities in the reservoir, along with the risk of an unnecessarily large and public attack surface.  

We do not even measure the cost of their poor quality.  

We should be confronting the vendors with this hidden cost.  We should be comparing them on it.  

1 comment:

  1. As with lots of modern IT problems, MS shares a full share of the 'blame' for this. Pushing software out the door before it is adequately test and adding more features than any ten people will ever use; they then went on to make monthly patching yet another feature of their products. At least two control system vendors have now established the same feature in their products.
    Would modern consumers even recognize quality when they saw it in a product?