Here it goes again. Microsoft Corp. made the front pages recently for yet another security bug, this time in its Passport authentication service.

What made this more than your average today's-bug story was the too-hyped observation that Microsoft could be assessed a fine of US$11,000 per Passport account. With 200 million or so Passport accounts, not a small number of which were created just to enable one or another Microsoft software product, the fine would amount to $2.2 trillion. Even Bill would notice such a hit. But the prospect of a significant reduction in the national debt is not the subject of this column; common sense is.

The idea of hitting Microsoft upside the head with a fine of almost eight times its market cap reminds me of what a cab driver in Singapore told me about driver's education there. He said the fines for traffic violations were not high enough to get the attention of rich folk, so caning was more effective at sending a message. No one could say this fine would not get the attention of whatever remained of Microsoft. But enough silliness - as CNN noted, "any fine would be significantly lower."

To put things in perspective, it has been said that Windows has somewhere between 30 million and 50 million lines of code. To only have a bug a week with a code base of that size is doing rather well. But sometimes the bug is not one of bad code, but of bad design, as seems to be the situation in this latest case.

[ Read more ]