[Prime Choice]

Microsoft pulled this same idiotic crap when the vulnerability behind Code Red was discovered in 2001. My suggestion to the shills in (and for) Redmond is that they shut up and fix their shoddy software.

And let's not forget Steve Ballmer's moronic statement on how security issues should be handled...

[stockpirate]

I tend to agree with MS on this. Others in the business that find flaws in someone's software shouldn't make it public for the very reasons stated. It is sad to hear a bunch of whiners that can't do the great things that MS has done.

[Yo-Yo]

If Microsoft put a bounty on each security flaw found, and made it a substantial sum, Windoze would soon be hackproof.

[ArcLight]

Sorry, but Microsoft has a point. Simply releasing info about a security breach before a fix has been found is irresponsible. There ought to be a "decent interval" between the discovery of the breach and its public revelation. I think a month is about right. The discoverer should first notify the software maker, then promise to hold off for at least a month before announcing the problem. This strikes me as a reasonable compromise that protects the public's right to know about the problem, but also minimizes the risk that the problem will be exploited by some scummy computer vandal.

[ChefKeith]

"We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities with no exposure to malicious attackers while the patch is being developed."the vendors best intrests in COVERING UP the flaw so they can keep selling the crap.

[ScuzzyTerminator]

Microsoft's assumptions are:

1. A vulnerability that is not announced is not being exploited.
2. Their users are helpless until a patch is released.

Nonsense.

1. Never assume that a vulnerability that is not announced is not being exploited.
2. Users can render themselves protected by switching to another browser or by using IE with extra caution. These are a reasonable options and I have a right to know that I need them without delay.
   

[E. Pluribus Unum]

According to Microsoft, trying to figure out what makes their software crash is a crime.