uncle mark wrote:I dunno...
Company A puts out a product that has widely known defects.
Company B buys it anyway.
First hand, Company B does not buy it directly from Microsoft, they buy their PCs in bulk from a large vendor (like Dell). in most cases, the purchasing decisions are made by non-technical people who does not know that there is a alternative OS like GNU/Linux & the vendor is most likely a Microsoft partner. the vendor will never offer the purchaser Linux based PCs.
uncle mark wrote:Company C is contracted to install the product. It is aware of its defects, and also knows there are well known, documented ways to mitigate the potential damage from the product's defects. Company C does not include those mitigations in its installation.
Company B does not insist that the mitigations be included in the installation. Neither does it implement same said mitigations itself, post installation.
Again, in company "C"s case, it too, is most likely a Microsoft "Partner"
don't expect them to know any more about security then the average home user. their job, just like Microsoft, is to sell Microsoft software & to keep the customer on the upgrade treadmill forever. also, i must add that , company "B" does not always use a third party.
uncle mark wrote:Company A cashes a check. Company C cashes a check. Company B saves a few bucks by not implementing the mitigations.
Company B gets bit by the widely known defects in the product it bought.
Who is to blame for Company B's problem?
Me, I say it's their own damn fault.
i say it is STILL Microsoft's fault. because of all of the anti-competitive acts that they did against Linux (and other O.S.s) many people still do not know that Linux exists.