This month's huge Microsoft Patch Tuesday security update proves the limits of the software company's programme for secure software development, claims data security firm Imperva.
This week, Microsoft released a record number of patches in its monthly update aimed at fixing 34 vulnerabilities.
"If Microsoft has to issue this many patches, then it is obvious that its Security Development Lifecycle (SDL), while important, is imperfect," said Amichai Shulman, chief technology officer at Imperva.
"No matter how much quality assurance you throw at the SDL process, there is a limit to the effect you can have on the quality of the software application.
The SDL is part of Microsoft's Trustworthy Computing initiative adopted in 2002 to improve the security of its products.
According to Shulman, what has happened to Microsoft is likely to start happening to other software vendors, as more complex applications are released.
The prudent use of an SDL can improve the quality of software, and the security of the information its processing, but the threat landscape is extremely dynamic, he said.
"Companies must have defensive technologies in place to combat immediate threats that SDLs simply cannot cover," he said.