Last week, Microsoft CEO Steve Ballmer said, "Rest assured we will never have a gap between Windows releases as long as the one between XP and Windows Vista. Count on it. I could go through the history of how we got here. Just count on it, we will never have this kind of gap again."

When I read that quote, I thought, "Oh no, here we go again." In the past, Microsoft's hasty OS release schedule led to a lot of security problems, which of course cost companies and individuals all over the world huge amounts of time, money, frustration, and in many cases, embarrassment.

Here is how Microsoft got to where it is today: Windows 3.x, released in 1990, was in widespread use on desktops when, in 1993, Microsoft released Windows NT. In 1995, the company released Windows 95, and in 1996, the company released NT Workstation. In 1998, the company released Windows 98, and in 2000, Microsoft released Windows Me and Windows 2000. In October 2001, the company released Windows XP.

As time went by, Microsoft was criticized more harshly for the poor design of its OSs and the huge number of security holes, but the company didn't do a lot about the inherent security problems other than releasing fixes left and right and downplaying impacts when it could.

About a year after the release of XP, in September 2002, Microsoft released XP Service Pack 1 (SP1). Microsoft then put the brakes on its relatively rapid development and release schedule and conducted a massive security audit of its code to find and fix as many security problems as it could.

The results were Windows Server 2003 (released in 2003) and XP SP2, released nearly two years after XP SP1, in August 2004. It was my opinion at the time that XP SP2 brought so many significant changes, including security-related changes, to the desktop OS that the new release could have been called Windows XP2. The timeline suggests to me that security is one of the major reasons for the delay between the release of XP and Windows Vista.

Microsoft currently plans to release Vista sometime in early 2007. If it does so, the time between the original release of XP and Vista will be roughly 5.5 years. That's a long time in the computer industry these days, but in my opinion, it was worth it to create a much safer product (which incidentally still isn't safe enough). Time is indeed a cost of doing business prudently.

But let's also not forget that in August 2004, Microsoft released a major upgrade in XP SP2, so effectively only 2.5 years will have passed when Vista is released. That's not a long time when it comes to OS development.

I hope Microsoft has learned from its past experience with security. If the company falls back into a hasty OS release schedule without keeping security front and center and slowing down when security concerns call for it, then we're all undoubtedly going to suffer the consequences.