[dayglored]

> I doubt that anybody is going to understand the code and the potential exploits better than the Microsoft analysts/developers/coders.

Maybe. But maybe they're too close to the code.

I'd feel better if Microsoft were requiring the use of one or two of the high-end third-party static analysis products out there. You know what I mean, the packages that run a quarter of a million bucks or so. The ones the big boys use for code that has to work, like spacecraft code.

Because the last person you want checking code for mistakes is the person who wrote it, and the next to the last is any person who has a vested interest in not finding bugs.

Microsoft might be using someone else's analysis tools, I don't honestly know. But I've never heard of them doing so on Windows, and it would be a big deal if they did, so I assume they don't.

[adorno]

Because the last person you want checking code for mistakes is the person who wrote it

It's very doubtful that the same person that wrote the code would be the same that would be doing the security code. The original coders would be around as consultants, but, not likely to write the anti-malicious code. With a company as large as Microsoft, they can afford to have thousands of people doing the original coding of Windows, and perhaps hundreds of people doing the quality assurance and security checking.

So, who does the checking of the anti-virus/anti-malware checking for Norton or AVG or Avast? Perhaps the same people that wrote the original code?