It is a dilemma. If a company produces something that does not work
as expected, should it inform its customers? And, if it chooses to
do so, when should it inform them?
Cliff Saran, Soapbox
If the flaw affects the safety and well-being of customers,
surely they should be informed as soon as the problem has been
identified. It is, after all, the natural response people would
expect from a responsible manufacturer.
In the car industry, when the Mercedes A-Class failed the elk
test - the car rolled when forced to avoid a stationary object such
as an elk on the road - Mercedes spent a vast sum of money fixing
the problem. And it produced a car that would keep its customers
safe in the unlikely event of having to confront large mammals.
Does the software industry behave in such a responsible manner?
Not bloody likely. Not only do users have to put up with
second-rate software that has not even passed rudimentary levels of
quality assurance, but they are not told when things go wrong.
Users are also asked to consider bugs a necessary evil of the fast
pace of IT development. They are not.
The IT industry really has a lot to answer for. It warned of the
risk of a Y2K catastrophe yet, at the same time, developed hardware
and software that still lacked proper date handling. This is
unforgivable.
Last week Computer Weekly learnt of a security hole in
Microsoft Internet Information Server 4.0. The Web is extremely
important for business users. A bug on a firm's Web server could
seriously damage their Internet-based business and ruin their
reputation. For more than a week, Microsoft failed to publicise the
problem or produce a fix. This simply isn't good enough.