In the first year

Feb 24, 2007 11:32 GMT  ·  By

Windows Vista is neither foolproof nor perfect. The statement belongs to Jim Allchin, ex-Co-President, Platform and Services Division. It is not that the Windows chief did not trust the latest platform to come out of Redmond; rather, this is an axiom as far as code quality goes.

Microsoft's Stephen Toulouse, senior program manager for the Trustworthy Computing Group, confirmed this perspective: "when it comes to software vulnerabilities it's important to understand that no one is going to get the code 100% correct. Software is a human endeavor and as such will always contain a certain amount of error to it. But that doesn't mean we don't try to do everything we can to reduce vulnerabilities and increase software quality. To help improve security overall, we continue to focus on engineering excellence and our understanding of the threat landscape."

Microsoft has also revealed the code quality standard it is looking to achieve with Windows Vista. Ben Fathi, corporate vice president of development for the Windows Core Operating System Division and former corporate vice president of the Security Technology Unit, stated that Microsoft is looking to cut the number of vulnerabilities across the operating system to a minimum.

However, the Redmond company is willing to settle for half the number of vulnerabilities that affected Windows XP in its first year of availability. "I made a statement six or nine months ago that I would like to see half as many vulnerabilities as XP had in the first year," Fathi commented at the RSA Conference 2007 in San Francisco. "Obviously, I'd like less than that; I'd be happy with zero. But I think it's reasonable to say, given the additional complexity and the additional size of Vista, that half as many would be a great goal."

In the first year of Windows XP's commercial availability, Microsoft issued a total of 30 security bulletins, although the actual number of vulnerabilities was not revealed. For Microsoft to achieve its goal for Windows Vista, the operating system must not exceed 15 security updates by January 30, 2006.