by toast0 880 days ago
> That's a lot of money and time to spend on supporting someone else's bug-riddled software. You can't test literally all software that exists before you release a security patch.

Microsoft has been pushing telemetry for how long? I would think they would have a good idea of what to test so that p99 their software works for their customers.

But it depends on the severity of the security issue fixed. If it's a big deal, you push it and let telemetry dictate your future hotfixes. If it's not a big deal, you do your internal testing, then push it through external testing, and see what telemetry picks up (hey!)

> Just imagine testing every single solitary Windows application that exists, or has ever existed, just to see if one of them crashes due to intentionally doing the wrong thing. What are they supposed to do, fix the 3rd party software? Delay fixing the security hole?

Microsoft made its business on "where do you want to go today?" Not "you're holding it wrong"

If Windows and the 3rd party software worked before a Windows update and doesn't after the Windows update, that's Microsoft's problem because it reduces acceptance of updates. One way forward is to fingerprint the broken application and not do the update if it's active, another way is to prevent it from running after the update. Either of those allows unaffected users to get the update and get on with their life. Once the application is identified, Microsoft can work with them to update their software to do things right, and then figure out how to get users updated.

I've been a user of desktops where the OS developer clearly doesn't care about continuity for users, and Windows feels more and more like that. It's not pleasant, and if I can't be assured what works today will work tomorrow, that leads to delaying updates which is bad for business.

2 comments

This can come up even with application software (which is my area). If it worked before and it's broken now, or if your application appears to be the only thing that is broken for the user, from most user perspectives, it doesn't matter that the problem may have been technically created by an OS bug, errant virus scanner, or whatever. As I tell colleagues, "It may not be our fault, but it's still our problem."

Correct. Customers are paying for a working solution. If what they get doesn't work, they couldn't care less (and shouldn't have to care) about who or what is to blame. They just want it to work.

> If Windows and the 3rd party software worked before a Windows update and doesn't after the Windows update, that's Microsoft's problem because it reduces acceptance of updates.

This is the critical key to the whole thing. Currently, I basically apply updates as soon as they're available (with a bit of delay for major ones like new macOS version updates) but if I get burned a few times I'll go back to waiting carefully.