[eezurr]

Because at the end of the day, security is run by humans, who are imperfect and variant day to day. And also, the software used was likely programmed by one developer, and used by another. The user does not have the same depth as the developer, and did not assign specific byte-code definitions to the text option list. Thus the text interpretation is imperfect.

[DarthGhandi]

This is true and it's the unstoppable nature of complex systems and the myriad of people responsible for them.

That said, this line from the article is pretty damning, it took them 3 days to lock down that insecure server. For a company that size with all those security employees it looks both lazy and negligent.

> The infosec firm reported the problem to Microsoft on 13 September, and the database was vanished from public view by the Windows giant's security response centre on 16 September.

[tha0x5]

That's why you have process in place with standards. You should be able to know nothing but still fail safely.