Pixelated Semantics


A schizotypical inventory


This page is powered by Blogger. Isn't yours?
April 12, 2006

Three critical flaws

From today's press releases arises the thesis that Microsoft's 'Patch Tuesday' announcements always announce 'three critical security flaws' - usually in their web browser or operating system; announcements which almost always carry the same basic PR wording (and in the media's publications also almost always do not describe the actual flaws). This may produce some interesting analysis - for instance; why currently three flaws, and why usually at the level of 'critical'? Is there a limit on the number and type of flaws that MS can cope with - or is there an 'acceptible' amount of security risk that is maintained? It seems that two flaws was the standard number announced up until 2005, which coincided with increased pressure on MS over security (though the flaw count found on quick searching is 2, 3, 5, 7, or 10 in nearly all cases, 3 seems to have become standard.) As for the PR wording, here is a very quickly researched set of examples.

AustralianIT, April 12 2006.

'Microsoft has warned of three "critical" security flaws in its Windows operating system that could allow attackers to take control of a computer.'
Reuters (via MSN), August 9 2005.
'Microsoft Corp. warned users of its Windows operating system on Tuesday of three newly found "critical" security flaws in its software, including one that could allow attackers to take complete control of a computer.'
IDG, July 12 2005.
'Microsoft Corp. has released three software updates that patch critical security flaws in its products, including a patch for an Internet Explorer vulnerability first reported last week.'
SMH, June 15 2005.
'Microsoft has released 10 security bulletins, three of them describing critical flaws that could let an attacker take complete control over a computer system.'
TuneXP, November 2003.
Microsoft Corp. warned users of its Windows operating system today of three newly found "critical" security flaws in its software, including one that could allow attackers to take control of a computer.'
Surely MS should be informing its users about the risks entailed in the use of their software in a communicative manner, rather than recycling the same press releases year after year; PR that seems designed to either drive users like ignorant sheep to MS's web site or to cause them to switch off completely.

Comments: Post a Comment