Bill Gates' comment on 10/22/2007:
========================
We have had various tools over the years to try and verify the security of protocols and their implementation. I wonder if any of those tools could have spotted these problems. I guess most of those models didn't model cross-site scripting attacks. The problems described here seem quite serious and we should certainly improve our products—both server and client. These error handling cases are often a source of security problems. I am less clear on our thinking about helping others but I will explore that with an email dialog. I guess the fixes to these problems will not create compatibility problems. To be honest I have never been clear when a site should use HTTPS and what the clear cut benefit to the user is. I know I get all sorts of funny messages about going in and out of secure areas unless I tell the browser to stop telling me about it, which I always do. This is a nice piece of work and reminds us how hard it is to have systems that are secure.
=======================