On 4/27/06, Michal Zalewski <[EMAIL PROTECTED]> wrote:
> Why didn't I even try, you say? Past experiences of numerous researchers
> aside, consider this: Microsoft takes 3-6 months to fix critical but
> non-public vulnerabilities in their flagship software (some of these flaws
> must've been independently discovered by the rogues, hence putting
> customers at great risk, or at best taking chances). This is not a
> reasonable timeframe, compared to industry averages. Yet, they only take
> 2-4 weeks to fix publicly disclosed bugs - thus making software safer,
> sooner.

Please note that I ask this out of curiosity, and not in an attempt to be critical. Why not give MSRC a head start of one week?

Regards,
Brian

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
