It is. Currently I don’t have a machine where I can both install and test code.

NCIS found the best solution to security years ago.

https://youtu.be/bwUdjeu4C6A?si=7CzrM537rbadLMns

Which is exactly why security should be on the executive agenda.

Judging by the last month of our Microsoft 365 tenant at work, they have plenty of room to improve. (Maybe by expanding in-house QA instead of relying on their customers.)

One of the several issues we ran into in the last few weeks was that you couldn’t download or view attachments in the Outlook Web app if you’d been logged in for over 10ish minutes.According to the official advisory, this was due to “code put in production designed to increase reliability.” That was a funny way of making things reliable. It was over a week until they’d pushed a fix for that one - right around the time more Outlook issues started popping up.

So yeah, while I agree with you that this might be tough - it might just be the best move they’ve made in a while. Maybe it’ll cause them to pay more attention to fixing bugs, and focus less on solving problems no one has. (Apparently we, as customers, have been dying for an AI button on our keyboard, to easily access an AI feature now baked into the taskbar.)

And in Microsoft’s case you also have to preserve backwards compatibility. It’s one of the reasons the OS continues to dominate despite how it treats its users.

“Not garbage” seems like a low bar to overcome for a company with such long experience. 😅

But we just bought tool X that is ISO certified AND soc2. How are we not secure yet? Does the tool not work?!?

Well, going from ‘hot garbage’ to ‘not garbage’, they have a long road ahead.

That exactly it. M$ execs look at this stat and probably go “we need to make it more unsecure, for the shareholders - of course.”