I just finished reading an interview with a Microsoft Security Program Manager in Wired and something that manager said struck me as being the slickest way to slide around a question and not give a decent answer.
The question was:
Wired Magazine: It seems like Microsoft is fighting a losing battle with IE and exploits. Is it?
Microsoft PM: Software written by humans will always contain errors. We’re fundamentally changing the way things operate, to help to make software more resistant to attacks. We’re two and a half years down a much longer road; it’s more of a 10-year timeline.
Wow, how about giving an even vaguer response? Everyone knows software is inevitably insecure and that only certain measures can be taken. Why not just tell us that everyone at Microsoft is sitting around dumbfounded by these exploits… At least then we’d feel like we weren’t being cheated.