Microsoft: A Legitimate Point about Good Enough
October 20, 2021
A post by Stefan Kanthak caught my attention. The reason was an assertion that highlights what may be the “good enough” approach to software. The article is “Defense in Depth — the Microsoft Way (Part 78): Completely Outdated, Vulnerable Open Source Component(s) Shipped with Windows 10&11.” I am in the ethical epicenter of the US not too far from some imposing buildings in Washington, DC. This means I have not been able to get one of my researchers to verify the information in the Stefan Kanthak post. I, therefore, want to point out that it may be horse feathers.
Here’s the point I noted in the write up:
Most obviously Microsoft’s processes are so bad that they can’t build a current version and have to ship ROTTEN software instead!
What’s “rotten”?
The super security conscious outfit is shipping outdated versions of two open source software components: Curl.exe and Tar.exe.
If true, Stefan Kanthak may have identified another example of the “good enough” approach to software. If not true, Microsoft is making sure its software is really super duper secure.
Stephen E Arnold, October 20, 2021