Joe Wilcox is one of the ex Jupiter Research analyst that I follow.  I find his writings to be a succinct.  He is focused on Microsoft and analyzes many of its actions and lays out his thoughts very well.

In one of his recent posts, Windows Genuine Crack he has quoted Alex Kochis from WGA – So What Happened? regarding a semantic hair splitting on whether what happened was an outage or something else.  I really do not care whether they call it an outage or outrage.  Well north of 10000 users seems to have been affected with WGA failure.

More important to me is the following Q & A from the WGA entry.

How did this happen in the first place?

Nothing more than human error started it all. Pre-production code was sent to production servers. The production servers had not yet been upgraded with a recent change to enable stronger encryption/decryption of product keys during the activation and validation processes. The result of this is that the production servers declined activation and validation requests that should have passed.

So, somehow pre-production code ended up in production servers.  Servers that are exposed over the internet to millions of Windows Machines.  This from a company that touts secure computing initiative and spends billions of dollars to make Windows Secure.  WGA by its nature is also a part of Windows eco-system.  Is it not?  As I understand, without WGA,  most of the Windows machines will be running with reduced functionality and that is not what Microsoft wants users to experience in Windows Vista.  They want Windows Vista to be a “Wow” factor with their customers.

That being the case, I am not able to understand how such a big organization spending billions of dollars on secure computing initiative let untested pre-production code into the production environment.  What happened to the vaunted checks & balances and controls built in their SDLC?  Is it an isolated incident or does it happen across all product lines?  What are the implications?  Did they really think twice before letting the Q&A appear in the blog entry that will raise these sort of questions (kudos for honesty though)?

Advertisements