Microsoft issues out-of-band patches for Windows 11 startup failure – Computerworld

Human error or edge case?
Microsoft, like other major software vendors, does a lot of testing of patches before they are released. Still, says Tyler Reguly, associate director of security R&D at Fortra, they can’t catch everything. “It’s impossible to test every edge case and scenario,” he said in an email. “On top of that, at some point testing at a large scale requires humans – and humans make mistakes.
“The question I always want to have answered [when a vendor has to fix a fix] is whether it was human error or an edge case that was deemed unlikely. Unfortunately, very few vendors are willing to publish the results of their Root Cause Analysis (RCA). Instead, the best we can hope for is a quick fix and a mutual understanding that it won’t happen again.”
In the case of human error, ensuring it won’t happen again may mean process or policy changes, he wrote, while edge cases could be the result of any number of variables. “When we talk about hardware and virtualization on top of hardware, we’re talking about a lot of things that can go wrong,” he pointed out. “In that case, while we hope vendors catch everything, we need to recognize that as an unrealistic expectation.”