The IPcentral Weblog

Thursday, July 28, 2005

Voice of Reason

InfoWorld's Jon Udell talks about a security crisis that recently hit Firefox, and propounds the heresy that open source and Microsoft programmers can actually learn from and help each other (emphasis added):

[A] debate began, refracted through the lens of ideology. This time there was no Microsoft to blame. The open source underdogs had done this to themselves. And while some would argue it wasn’t Firefox’s fault -- since Greasemonkey is a user-installed extension -- Firefox took its share of the blame, just as Internet Explorer does when its add-ins cause trouble. . . . .

There are no perfect answers to [the] questions. At the moment, we don’t even have good ones. If you, therefore, decide to reject all rich Internet application scenarios that add risk, I won’t try to talk you out of it. Extreme conservatism is a valid stance. If, however, you believe the benefits ultimately outweigh risks, and that we can work through the issues, then let’s consider the second thread woven through last week’s discussion: the techniques and mindsets that open source developers and Microsoft developers bring to matters of security.

Some say that open source software is inherently secure because the “open source process” makes it so. Wrong. Open source software, and the collaborative culture that surrounds it, have surely enhanced Firefox’s security. But also necessary is a disciplined approach to reducing the attack surface area. And one of the most vocal and visible proponents of that discipline today is ... Microsoft.

The recent turnaround of the company’s IIS (Internet Information Services) Web server was remarkable. Version 6 is rock-solid and arguably safer than Apache. If the long-delayed refresh of Internet Explorer has been rethought along similar lines, it could prove to be an excellent platform on which to safely tap into the power of AJAX -- which, after all, Microsoft invented.

The open source and Microsoft cultures can complement one another. I hope they will. If we’re going to safely enjoy the benefits of AJAX-style computing, we’ll need all the help we can get.

posted by James DeLong @ 2:50 PM | Software
