What people don't realize about the 'broken' programs is that microsoft puts backdoors in the software on purpose
There's probably some of that, but I'm certain it's a balance of time, incompetence, and malice (greed, if you want to put it more kindly).
When shipping time comes, all the security testing you've done is all that you're going to do. As programs become more complex, full security testing with a team of less than infinity people becomes virtually impossible. If your team missed some obscure exploit... oh well, we'll push a patch if/when it's found. Basically every video game after Pong! has some exploit... and even Pong! had a defect (paddles couldn't go all the way to the sides). And video games operate much the same ways these days now that everything's online (and video games are so much more complex).
Then there's incompetence. Not every programmer is your best, and your best programmer doesn't have time to go over all the others' code. So you're going to get some subpar stuff that slips through.
Then there's malice and/or greed - what you're discussing. The NSA (and MS and whoever else) want all the data they can consume. Name your price, skim some of that profit to assuage any ethical concerns your programmers might have in building the back door (or just have management push a specific vulnerable design feature and allow nothing else), and push the product with the known bug/vulnerability.
InYourFaceNancyGrace 0 points 1 week ago
There's probably some of that, but I'm certain it's a balance of time, incompetence, and malice (greed, if you want to put it more kindly).
When shipping time comes, all the security testing you've done is all that you're going to do. As programs become more complex, full security testing with a team of less than infinity people becomes virtually impossible. If your team missed some obscure exploit... oh well, we'll push a patch if/when it's found. Basically every video game after Pong! has some exploit... and even Pong! had a defect (paddles couldn't go all the way to the sides). And video games operate much the same ways these days now that everything's online (and video games are so much more complex).
Then there's incompetence. Not every programmer is your best, and your best programmer doesn't have time to go over all the others' code. So you're going to get some subpar stuff that slips through.
Then there's malice and/or greed - what you're discussing. The NSA (and MS and whoever else) want all the data they can consume. Name your price, skim some of that profit to assuage any ethical concerns your programmers might have in building the back door (or just have management push a specific vulnerable design feature and allow nothing else), and push the product with the known bug/vulnerability.