Said check of Internet Explorer 9 involved ISO/IEC 27001:2005 as a base for the common requirement specification. Interestingly flaw detection, update procedures and software inherent security mechanisms had been covered by the check, although ISO/IEC 27001:2005 is meant to be a formal specification which mandates specific requirements. That implies a company or an organization can only get certified for bringing information security under explicit management control, but any given piece of software itself cannot get certified that way – just as a software security mechanism which is ultimately based on a softwares source code. However the ISO/IEC 27001:2005 part which addressed Microsoft's update procedures seemed to be valid. It especially addressed the most considerable aspect of that notion: time. Most FOSS projects like Mozilla Firefox provide updates to fix bugs with severe impact faster than any commercial entity could possibly ever accomplish. Nevertheless Microsoft Internet Explorer passed that component testing.

The inspectors also pointed out that the secure operation of Internet Explorer 9 heavily depends on its security settings. Of course such settings are important, but even more important is the source code which ensures that a web browser and its underlying operating system never get compromised no matter what settings were in effect at the time of use. Unfortunately as with the check of Internet Explorer 8 no code analysis of Internet Explorer 9 has been performed as well. To make clear the importance of well designed code one should browse cert-bund.de/search and provide the system with a date range for notices between 25.05.10 and today (the time of writing this article). Therefore it is advised to select "short infos" and a risk level higher or equal than 4. The results indicate that there are 84 announcements for the search term "Internet Explorer" vs. 34 when entering "Firefox". Nevertheless Microsoft Internet Explorer got certified successfully.

The TÜV TRUST IT Ltd. website also contains an extraordinary sentence on it-tuv.com/internet-explorer/ which the author of this article had to read twice, quote: "Software, in particular, as comprehensive software as a web browser, has inherent errors in principle that can cause a system compromise in certain situations. Therefore, as part of the technical analysis, a full and intensive analysis of the software, based on its source code, was abandoned as an option." In other words the inspectors did not analyze the code because (that) software has errors in principle and so it is not reasonable spending the time. This is plain wrong! Especially such software, which is "the Window to the Internet", as Dorothee Ritz, General Manager Consumer & Online at Microsoft Germany mentioned, cannot be analyzed, penetrated and risk assessed to much and by too many people. Everyone knows that source code quality increases with the number of people who have a look at it and so the opposite is always a false assumption. Microsoft does not follow that paradigm due to its nature. Anyhow that does not matter since the Microsoft Internet Explorer now has a valid TÜV certificate after all.

The author of this article further criticizes the focus of the technical inspection, but primarily the lack of document publishing as a whole. Neither TÜV TRUST IT Ltd. nor Microsoft offered substantial documentation with reference to the discussed certification on their official websites for review. Especially these documents would have laid open the quality of the inspection and certification process in greater detail.