"There ought to be a 'decent interval' between the discovery of the breach and its public revelation."
Go back and read the story. You have your facts all wrong.
A tool found the crash and the guy asked for help in determining why. Someone else found the actual problem. It was a collaborative discovery. Neither person alone found or published the exploit. It was readily replicable every time you pointed this tool at a Microsoft browser.
Microsoft STILL has not published a fix.
Had this been the Mozilla, Opera, or Konqueror browser, the fix would be in WIDE distribution already.
Yeah, that will give the people who actually know about it time to do their exploits undisturbed.
Good point. Still, the people working on the problem would have done better to carry on their discussion on a private e-mail list rather than in public. In all fairness, many private bug hunters would not think to do this. But it's the right way to investigate a security problem.