Computerworld - Microsoft Corp. developers overlooked a critical bug in the Internet Explorer browser because of a lack of adequate testing tools and training, a company official acknowledged last month.
The flaw, which Microsoft patched last week with an emergency update, had gone undetected for at least nine years.
Michael Howard, a principal security program manager who has been a proponent of the company's secure code-development process, said that Microsoft programmers had not been taught to look for the type of vulnerability that hit the data-binding function of IE.
Even Microsoft's automated "fuzzer" testing tools, which are dropped into applications to find failures, missed the bug, Howard said in a post on the company's Security Development Lifecycle blog.
This version of the story originally appeared in Computerworld's print edition.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts