Don’t Blame The Committer
By Adrian Sutton
Recently a security patch for IE introduced a security flaw. This is obviously a really bad thing, and something the IE team¹ have received a lot of criticism about for some time. Obviously, the IE team took it seriously and tried to find ways to make sure it didn’t happen again. One thing that really bothered me, though, was a statement in the IEBlog:
In parallel with making the right fix, we have been working through how we prevent similar mistakes from happening again. For instance, we have code-reviewed the past ten months of code check-ins from the developer responsible for this issue.
I can’t really imagine anything more demoralizing than having the past 10 months of your work reviewed because you made one mistake. It just says to me that the team considers that programmer incompetent all of a sudden², rather than seeing the bug as the team’s mistake and focussing on how to improve the way the team works to make sure it doesn’t happen again.
Maybe I’m just spoilt because I get to work with a really fantastic team that treats issues as a team problem and works together to fix them instead of finding a scapegoat. I just don’t see how you expect people to do great work when you demoralize them like that – developers do better work when they enjoy their work.
Now, I’m sure the team didn’t mean for it to come out like this, and maybe inside the team the perception is completely different – this is just a one-line example of the measures they’ve taken, possibly just made up or exaggerated to try to make people feel safer. I certainly hope so, because otherwise there’s someone on that team that probably feels like crap right now and isn’t concentrating on their work like they should be.
2 – despite the fact that they were considered competent enough to work on a critical security fix