becarefulyo | 9 years ago

Disclosure: I work at MS but not on the kernel or anything related to this security bug. Opinions are my own.

I've seen one-line bug fixes introduce many other bugs.

Adding a null check is always suspicious. Is the system in an invalid state? Should it fail fast instead of swallowing the error?

Maybe the code wasn't touched in several years. Maybe the person that wrote it no longer works there. Maybe the code in question doesn't have good test coverage or documentation. There are so many variables to consider when assessing risk of code changes.

tremon|9 years ago

Maybe the person that wrote it no longer works there. Maybe the code in question doesn't have good test coverage or documentation

These are not valid excuses for a company the size of Microsoft.

Sunset|9 years ago

These are the kinds of considerations only companies the size of Microsoft are likely to have.