Microsoft Plucks Code From Plurk. Blames Vendor. But Who Is Monitoring The Vendors?

Microsoft issued a press release today, taking responsibility for the code theft from the startup microblogging service Plurk, but blaming the actions on a vendor firm contracted to write code for a competing product launching in China called Juku.  This is the second time in the past few weeks wherein Redmond has been dealt an embarrassing blow because of contractors they hire being too lazy (or stupid) to come up with their own ideas.

While I think the way Microsoft is handling this straight-up is good, it raises serious questions about who is minding the code base Microsoft is putting their name behind.  What is troubling about both of these occurrences is that they were not found by Microsoft, which points to a serious lack in the code review process, particularly code being brought in from outside sources.  What if this had been a rogue developer, bent on erasing data or planting a virus?  For Microsoft, it’s a may be just a financial and PR concern, but for enterprise IT it is two occurrences of something that never should have happened and hopefully never will again.