But by doing that, it could hurt itself as much as the customers who end up with an infected XP system.
There's the real possibility that large-scale infections of Windows XP will paint the Windows brand as insecure, fulfilling the implicit prophecy the company made late last year. To most people, Windows is Windows is Windows, with no distinction between XP and the newest, locked-down 8.1. And for those people, Windows is Microsoft because it's the best known of the company's software.
So if post-April headlines appear that shout, "Windows under massive attack," Microsoft's reassurances that the bug can be exploited only on XP, that newer editions of Windows are safe to use, will be lost amidst the noise.
Outside its own software, Microsoft has other reasons for worry. As the company has often said, it's not just Windows that it must keep secure, it's the entire Windows ecosystem, the gamut of software that runs on the platform. A bug in a third-party program, such as Adobe's like-a-sieve Flash Player, which has had to be patched 18 times in the face of ongoing attacks since 2010, reflects poorly not just on Adobe but also on Microsoft. That's because Windows powers 90% of the world's PCs.
That's one reason why Microsoft has reached out to third-party developers — Adobe being just one — to help them craft their own SDL-like processes, a fact last week's retrospective trumpeted when it said its SDL guidance had been downloaded more than 1 million times since 2008.
Co-founder and former CEO Bill Gates made the connection in an all-company email he sent in January 2002, the call-to-action memorandum that ultimately led to SDL. "Our new design approaches need to dramatically reduce the number of such issues that come up in the software that Microsoft, its partners and its customers create," Gates said. "Trustworthiness is a much broader concept than security, and winning our customers' trust involves more than just fixing bugs and achieving 'five-nines' availability. It's a fundamental challenge that spans the entire computing ecosystem, from individual chips all the way to global Internet services (emphasis added)."
Gates stepped down from his role as chairman of the board last month, and will spend more time at Microsoft advising new CEO Satya Nadella on product and technology issues.
By letting XP slide into retirement while it still powers so many PCs, Microsoft risks tainting the Windows brand as insecure and the Windows ecosystem as infection-prone. And if Windows XP becomes an ongoing cesspool of malware, it could ruin a decade of efforts to beef up the security of that brand and ecosystem.