The ZDNet commentary by Dan Farber, Ballmer security pitch leaves skeptics unswayed, is worth a read, if only for one thing which Steve Ballmer of Microsoft apparently said.

At the top of his list: engineering fewer vulnerabilities into software and educating users on how to stay more secure.

Did Ballmer actually say that? Because if he did (and even if he didn't), software engineers around the world should be giggling. Why? Because nobody is supposed to be engineering vulnerabilities into software in the first place. Either Ballmer said it, or said something similar to it, or Dan Farber may have a perspective on Microsoft's work which was not affected by Ballmer's words. What does that say?

It doesn't really say much in a concrete sense. But if someone ever tells you that they are going to engineer less faults into something, realize that they are running a business first, an engineering firm second. That sounds bad, maybe, but let's be serious - bugs do happen. And while I personally believe that Microsoft could do better engineering, I don't know that I could tell them how. For that matter, I don't know that I would. I believe that they simply can't get too far with compartmentalization of their source code - proprietary licensing being one problem, but another problem being that they compartmentalize code in Dynamic Link Libraries which, of course, is a mess. The registry, by trying to segregate infinite things, is a mess. And over time, the entire base code for every Microsoft operating system has probably become a mess as well. It's odd that wherever they try to keep things separated, stuff becomes unseparated.

Of course, poorly engineered products make more money if they are engineered with faults in them. That way you have to pay to upgrade. That's rather cynical. But why shouldn't I be cynical?