Here’s a very practical reason to run your drivers through SDV and PREfast: people are using Wi-Fi drivers as attack vectors.
What does it cost to test drivers using PREfast, SDV, and the kind of input fuzzing described in the article? What does it cost to have a user’s system breached via your driver?
The problem: The cost for testing drivers is the cost of the driver writer. Note, you don’t only have to test the drivers, you also have to fix the bugs.
If someone does something bad with a customer’s machine, it is the cost of this customer, not of the driver writer. Thus, why should a driver writer care?
Note: This is not my personal opinion but the opinion I have seen from many companies in the IT sector.
I am really sympathetic to this viewpoint. A lot of drivers are written by contractors. Only the best of their customers will listen to their requests to produce a fully tested driver; all it does is cost the contractor’s customer more money (or so they think).
The company with the most to lose here is Microsoft. They’re the ones people think of when they see a bluescreen. That’s why the driver quality stuff could get interesting – it’s Microsoft’s way of pushing responsibility for driver quality back to the customer (as opposed to the contractor, who’s really stuck between a rock and a hard place).
And, of course, the real loser here is the end user, who can’t manage to get a 100% reliable driver and really doesn’t know who to blame.