September 1, 2003

Public disclosure of Microsoft usage

In an article from the New York Times regarding software oversight needed because some large companies don't check their own software for vulnerabilities, I ran across the following:

Proposals for government action being discussed by policy makers and computer security experts include strengthening the Department of Homeland Security's cybersecurity division and offering tax incentives to businesses for spending on security. Another proposal would require public companies to disclose potential computer security risks in Securities and Exchange Commission filings.

and the double standard for Microsoft:

"There's a reason this kind of thing doesn't happen with automobiles," says Bruce Schneier, chief technical officer at Counterpane Internet Security in Cupertino, Calif. "When Firestone produces a tire with a systemic flaw, they're liable. When Microsoft produces an operating system with two systemic flaws per week, they're not liable."

I can just see it now: the SEC requiring companies to divulge on their filings that their security threat is using the Microsoft OS. But this would explain the day or two of lost productivity each quarter. I know of more than a handful of major firms (through friends who work at them) that had whole divisions (200 to 1,000 people) that were knocked off-line or completely out because of the last vulnerabilities. These did not show up in the news and their investors most likely were not informed.

At work I lose two to four hours per week of productivity to software bugs, security vulnerability patching, or operating system issues on the Windows platform we have to use. At home I do similar tasks on a Mac OS X-based system and use Linux servers, and I lose half an hour per month to the same things. Given that I do more rigorous work at home and spend about as much time on the computer at home as I do at work, I don't see why folks use Microsoft.




This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike License.