But that's exactly it. They are pointing their finger at this guy and saying: we don't really trust him. All this about IE being insecure may just be one bad programmer. Let's make sure this programmer feels the pain. Nice team spirit! Obviously they were in a hurry to release the fix, so no proper review was done, and now he takes the blame.
Didn't Microsoft learn anything from pushing out unverified code in the past? Isn't this the reason for their miserable security reputation?
But security is supposed to be a big concern at Microsoft now, so how come this guy got to push patches for IE by himself? Why are they doing the reviews only now? Wouldn't any responsible company dealing with a flawed reputation and buried in security bugs have a system with both bug AND fix code-reviews (before and after analysis) in place - especially when they are changing their critical Internet components?
If you have ever done a code review you'll know that it can be a very painful (and a great learning) experience. But doing a backlog of 10 months of check-ins is just ludicrous - I can feel this guy's agony.
Or perhaps Microsoft is just saying: we let this bozo submit patches to IE for 10 months unsupervised. Other patches in the past may be deeply flawed too, but now we'll have a look. I guess they really are concerned with security after all.
bjarke