That's exactly my point. They started off not so great and made mistakes on their way but if you look at how they evolved their Engineering practices in response to grave realities - the XP pre-SP2 security nightmare for instance, created a lot of positive Engineering changes at Microsoft and with Windows 7 they have made a lot of tangible progress in that area.
OS QA is a pain - a huge one for Microsoft given the complexity and volumes involved. The pain is in dealing with unknowns and unpredictable combinations of thousands of different variables and what reaction it produces.
But for something like authentication there must be standard testcases that are automatically executed and verified - blank password authentication, wrong password auth should all be standard test cases that are executed automatically and no software should go out the door until those basics are looking good.
OS QA is a pain - a huge one for Microsoft given the complexity and volumes involved. The pain is in dealing with unknowns and unpredictable combinations of thousands of different variables and what reaction it produces.
But for something like authentication there must be standard testcases that are automatically executed and verified - blank password authentication, wrong password auth should all be standard test cases that are executed automatically and no software should go out the door until those basics are looking good.