Microsoft Internet Information Server 4.0 fails elk test

It is a dilemma. If a company produces something that does not work as expected, should it inform its customers? And, if it...

It is a dilemma. If a company produces something that does not work as expected, should it inform its customers? And, if it chooses to do so, when should it inform them?

Cliff Saran

Soapbox

If the flaw affects the safety and well-being of customers, surely they should be informed as soon as the problem has been identified. It is, after all, the natural response people would expect from a responsible manufacturer.

In the car industry, when the Mercedes A-Class failed the elk test - the car rolled when forced to avoid a stationary object such as an elk on the road - Mercedes spent a vast sum of money fixing the problem. And it produced a car that would keep its customers safe in the unlikely event of having to confront large mammals.

Does the software industry behave in such a responsible manner? Not bloody likely. Not only do users have to put up with second-rate software that has not even passed rudimentary levels of quality assurance, but they are not told when things go wrong. Users are also asked to consider bugs a necessary evil of the fast pace of IT development. They are not.

The IT industry really has a lot to answer for. It warned of the risk of a Y2K catastrophe yet, at the same time, developed hardware and software that still lacked proper date handling. This is unforgivable.

Last week Computer Weekly learnt of a security hole in Microsoft Internet Information Server 4.0. The Web is extremely important for business users. A bug on a firm's Web server could seriously damage their Internet-based business and ruin their reputation. For more than a week, Microsoft failed to publicise the problem or produce a fix. This simply isn't good enough.

Read more on Microsoft Windows software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close