
[deleted]



>"cyber-attacks and security vulnerabilities in Microsoft products and services that could reduce revenue or lead to liability" should be at the top of the list.

Could you point out any program or OS that could guarantee neither of these? Based on what I have seen, all major OSes and programs have these issues regardless of whether it is closed source or open source.

Besides, how do you expect them to quantify such unforeseeable events on their accounting statements?


[deleted]


> independent research does show that users of GNU/Linux systems in particular, or UNIX, OpenBSD, are safer to some degree.

Could you point me to that research?


> Personally, I'd never put a MS project between me and the cloud, or my data and the cloud

Why?


[deleted]


Realistically I think that the last field, Vulnerabilities / Product, is the one of more interest here. Rates are much more informative than absolutes. I'd be more concerned using a Canonical product based on the data you've shared than a Microsoft product.


This is a religious, not a technical position.


From Red Hat's earnings statement:

>Actual results may differ materially from those indicated by such forward-looking statements as a result of various important factors, including: ...risks related to data and information security vulnerabilities..

>Security breaches and data loss may expose us to liability, harm our reputation and adversely affect our business.

>Our business involves the production and distribution of enterprise software technologies, as well as hosting applications. As part of our business, we (or third parties with whom we contract) receive, store and process our data, as well as our customers’ and partners’ data.

>While we take security and testing measures relating to our offerings and operations, those measures may not prevent security breaches and data loss that could harm our business or the businesses of our customers and partners. Advances in computer capabilities, new discoveries in the field of cryptography, inadequate technology or facility security measures or other factors may result in data loss or a compromise or breach of our systems and the data we receive, store and process (or systems and the data received, stored and processed by third parties with whom we contract).

>These security measures may be breached or data lost as a result of actions by third parties, employee error (such as weak passwords or unencrypted devices), malfeasance or vulnerabilities or security bugs found in software code. A party who is able to circumvent security measures or exploit inadequacies in security measures, could, among other things, misappropriate proprietary information (including information about our employees, customers and partners, our customers’ information, financial data and data that others could use to compete against us), cause the loss or disclosure of some or all of this information, cause interruptions or denial of service in our or our customers’ operations, cause delays in development efforts or expose customers (and their customers) to computer viruses or other disruptions or vulnerabilities.

>A compromise to these systems could remain undetected for an extended period of time, exacerbating the impact of that compromise. These risks may increase as we continue to grow our cloud and services offerings and as we receive, store and process more of our customers’ data. Actual or perceived vulnerabilities may lead to regulatory investigations, claims against us by customers, partners or other third parties, or costs, such as those related to providing customer notifications and fraud monitoring. While our customer agreements typically contain provisions that seek to limit our liability, there is no assurance these provisions will be enforceable and effective under applicable law. In addition, the cost and operational consequences of implementing further data protection measures could be significant.

>Moreover, because the techniques used to obtain unauthorized access, disable or degrade service or sabotage systems change frequently and often are not recognized until launched against a target, we may be unable to anticipate these techniques or to implement adequate preventative measures. Any loss of data or compromise of our systems or the data we receive, store or process (or systems and the data received, stored and processed by third parties with whom we contract) could result in a loss of confidence in the security of our offerings, damage our reputation, loss of channel or strategic partners, lead to legal liability and adversely affect our business, financial condition, operating results and cash flows.

And their investor site is worryingly running on Cold Fusion of all things.

So I guess you'd not use Linux too, since Red Hat is one of the major contributors to the Linux kernel and server apps?


Why is this worrying? Plenty of high profile investor relations portals run on CF.

ex: http://investor.fb.com/results.cfm



