The longer it takes Microsoft to address a known vulnerability, the higher the probability that one of the 'bad guys' will find it and release the details to the public. Microsoft has a responsibility to get these fixes out quickly.
Microsoft is no longer the worst offender when it comes to sitting on patches. Oracle has taken that crown. But I think there's still a culture at Microsoft that security is a PR issue that must be handled delicately. And that's a dangerous culture.
This all goes back to the responsible disclosure debate.
Copyright © 2024 Electric Goat Media. All Rights Reserved.