In "The Hidden Boot Code of the Xbox", the X-Box-Linux programmers explain how the security code of the X-Box is structured and how Microsoft built in 3 errors in 512 bytes of code. "Lots of kindergarten security mistakes," as Bruce Schneier calls it.

Also nice is the conclusion of the article:

So with the first version of the MCPX, Microsoft was too naive and apparently did not understand basic security concepts. After they had learnt their lesson, they designed a pretty good system with the second version of the MCPX - but the implementation still contained at least three security holes (Visor, MIST, TEA). They were too fast releasing a new version of the MCPX, spending a lot of money in trashing tons of already manufactured MCPX chips and manufacturing updated ones, apparently without any further code audit which should have revealed the security holes.

512 bytes is a very small amount of code (it fits on a single sheet of paper!), compared to the megabytes of code contained in software like Windows, Internet Explorer or Internet Information Server. Three bugs within these 512 bytes compromised the security completely - a bunch of hackers found them within days after first looking at the code. Why hasn't Microsoft Corp. been able to do the same? Why?

Exactly. Why doesn't Microsoft get this right? Why does Microsoft repeatedly fail so badly at security? And don't give me the silly excuse that the bugs at Microsoft are found so quickly because it has so many users - this is basic knowledge that would be required. This is just sloppy.