Marketing forces
It doesn't matter how hard you try, mistakes will always be made when coding. To mitigate this you need to do lots of testing, but testing slows time to market.
In a lovely make-believe world, ATI would have thrown their drivers at someone like @STAKE along with an NDA and said "break it". The trouble is that takes time, and if they do break it, it takes even more time to fix it and test it all over again. That's time you're not selling your new gfx cards because you don't have a working driver for them which = a drop in your stock value.
As you can see, security doesn't make financial sense, at least in the old model of release and patch. Why wait on an insecure product? When was the last time you saw a major news story on a security flaw outside of the tech news community? You make more money releasing early and fixing it later.
As for MS signing off flawed drivers - how is that a surprise? ATI are a big company, they do their own internal testing, of course their drivers are safe! Well, they're not malware at any rate, which is all the driver signing is meant to stop, not sloppy coding. All MS were interested in was receiving their fee from ATI for signing the drivers. Which I guess just shows that driver signing isn't about security at all, but protectionism for the big boys.
*sigh*