Microsoft's CEO: 80-20 Rule Applies To Bugs, Not Just Features

Paula Rooney

One common adage in the IT industry is that 80 percent of all end users generally use only 20 percent of a software application's features.

In recent months, Microsoft has learned that 80 percent of the errors and crashes in Windows and Office are caused by 20 percent of the entire pool of bugs detected, and that more than 50 percent of the headaches derive from a mere 1 percent of all flawed code.

In an e-mail update sent out broadly to enterprise customers on Oct. 2, Microsoft CEO Steve Ballmer highlighted initial progress being made on the company's Trustworthy Computing initiative, an effort rolled out by the vendor last January to improve its reputation in the reliability and security arenas. For one thing, there will be faster bug-fixing as a result of an error-reporting facility embedded in Office and Windows. And that error-reporting tool will be part of the forthcoming Windows.Net Server 2003.

The automated error-reporting tool enables customers to relay errors to Microsoft in a condensed "mini-dump" format, which simplifies the process, Ballmer said.

"One really exciting thing we learned is how, among all these software bugs involved in the report, a relatively small proportion causes most of the errors," Ballmer wrote in his three-page memo. "About 20 percent of the bugs cause 80 percent of all errors, and--this is stunning to me--1 percent of bugs caused half of all errors."

But one analyst said that customers should not come to the conclusion that the 80-20 bug ratio will make it easier for Microsoft to clean up problems with its software. "The 80-20 rule is often believed to be true in most things. Most often it is used by vendors to distract people from the problem of inadequate quality with the implication that they only need to work on a small number of issues to correct that problem," said Rob Enderle, research fellow at Giga Information Group. "What's forgotten is that 20 percent are often the most complex, most difficult [issues] to correct and the most likely to spawn new problems as part of the correction process."

The tool and debugging method, however, did help Microsoft address 20 percent of all Windows XP bugs in Service Pack 1, more than half of all application errors fixed in Office XP Service Pack 2 and 74 percent of bugs fixed in the beta test version of Visual Studio.Net, Ballmer claimed.

The update appears to fulfill Microsoft's promise to be more up front about bugs and software problems, fix the issues and report progress to enterprise customers. In another memo, dated last June, Ballmer detailed a new company charter based on integrity, honesty, accountability and improved customer service and indicated that Microsoft would institute practices to effect broader customer communications.

That's not all. As part of the Trustworthy Computing initiative, Microsoft pledged to improve the reliability of products and build more security features into them. The software giant recently unveiled changes to its Passport authentication service to enhance consumer privacy. Also, Microsoft this past spring revealed plans to add new security features to a future version of Windows as part of its Palladium initiative.

The Palladium code will give users better security, personal privacy, and system integrity. In addition, Palladium is designed to offer enterprise customers enhanced network security and content protection, but those features are not expected to be delivered in the near future.
