First it was McAfee - on or around 4/22 they erred and sent out a defective update that disabled systems running Windows XP (SP3). This is your worst nightmare - the system you purchased to protect yourself itself brings you down ! Now how do you look at risk !
Then it was Microsoft ! They released an update which is supposed to be critical for Windows 2000 systems but was incomplete at the time of release. The update took care of a reported vulnerability but missed out on addressing a second and the update went out in the form where the user would still be vulnerable to attack (even after applying the patch).
Computerworld covers this incident here
Process failure,
process failure and
process failure. No one is perfect and neither do I profess perfection. It is a state which is extremely difficult to achieve and then more difficult to maintain.. all because perfection is a utopian state which exists as much as zero risk !
Having said this, what surprises me is the gap in the process where these incidents fell through. While Microsoft has not had anyone reporting losses due to the incomplete update patch, McAfee has to pay for their gaffe.
McAfee has admitted to a problem in the quality process. They say they made changes in the QA system and as a result a faulty DAT file went through ! Nice ! Changes are being made to ensure this does not happen again.
They have issued an apology to their customers and offered to compensate those who have been affected by the bad update.
The lesson is clear - ensure process compliance and make sure Change Management is a serious process and there are no exceptions. If the mighty can stumble, the small and medium (meek) business do not have a hope to survive.
What I like is the quick proactive stance of McAfee - they went into damage control immediately and apologized. This was followed up quickly with the compensation offer which may not help much but is an offer nonetheless. It also reminds me of Toyota and the various other car companies that have recalled their cars to fix faults. Unfortunately you cannot do a recall in this scenario - the arrow is out in flight and will either hit or miss ! no way you can stop or recall it !
No comments:
Post a Comment