This is about processes: Google Chrome Vulnerable to Carpet Bombing

This is the kind of stuff I hate to see – definitely within Microsoft but to a similar extent within competitors. I think we have a joint mission: Make the Internet a safer (and more trustworthy) place.

There was quite some noise yesterday around Google Chrome. And a lot of noise about "safer browsing" and security. Now, I started to read articles that Google built its new browser on a Safari version which is outdated and not yet patched against the Carpet Bombing flaw.

This is about processes and quality assurance (and trust) and not about technology. This is about a Security Development Lifecycle with proper testing and QA. Google published a long comic on Chrome and talks extensively about testing – I think there is some real room for improvement here.

Do not get me wrong: We are far away from perfect. We will never achieve the "perfect" level. But we worked hard to implement strong processes and even share them with the industry (see SAFECode). So, why do companies like Google, Oracle, sun, etc not join such initiatives to jointly make sure we do not release products with vulnerabilities in, which are known since a long time…

Roger