I mentioned reading about Microsoft’s culture. With the help of Mac Daily News, I found it. You can read the whole article here. Here is the paragraph I was thinking of, though the whole article is good:
The culture at Microsoft , however, prevents change. I was talking to a high level person in charge of security at the Intel Developer Forum last fall, and we chatted about what Microsoft could do to fix things. He asked the right questions, and I told him the right answer, trust. Plus, throw everything you have out and start again. He didn’t get it. No, more than that, he was impervious to the things I was saying to him, the culture is so ingrained that the truth can’t penetrate it. Microsoft cannot fix the ‘bugs’ that lead to security problems because they are not bugs, they are design choices. When faced with Java, Microsoft reacted with ActiveX. That, it claimed, could do everything that Java could not, because Java was in a ‘sandbox’, and programs could not get out.
The fact remains that Microsoft’s entire infrastructure is based on fundamentally flawed designs, not buggy code. These designs can’t be changed.