A year is not enough.

This article reports that business enterprises should think of good security as an affirmative business practice, not just a cost to be minimized. The Sarbanes- Oxley Act has given impetus to this idea, but IT builders are still walking around the elephantine Windows XP Service Pack 2 (SP2), trying to decide if its legs are pillars of new strength for their infrastructure or if its tail is a rope that will hang them with application incompatibilities and attendant help desk workloads. If anyone thought that SP2 reflected a new commitment to security as fundamental to software's fitness for use, the year-end confirmation that Windows 2000 won't get its own version of the SP2 repair job should make the reality clear. But if short-term change has been less than what was hoped, longer-term changes have been greater than anyone would likely have predicted. Dominant vendors, such as Microsoft Corp. and Intel Corp., are the ones whose missteps matter to the greatest number of people. The importance of these vendors, though, is itself a testament that they've done much more right than wrong in the process of creating a commodity computing platform.