<Many times publishing the hole is the only way to get MS <to respond. BugTraq has examples of "I informed MS two <weeks received any response from them".

have you mailed them hole-reports? has others mailed to right address?

personally, all my reports have been handled in days. first replies have come in 6 hours (and i say that is good, especially when comparing the time-difference, i am totally on different time-zone)

you should also look at the big picture. a tiny fix should work on all machines, around the globe, regardless what the fix is. it takes time to test. and also it takes time to produce fix that fixes things totally, not just announced hole, since ms investigates things, if they are part ofthe larger hole.

Bet you can guess which side of this argument I'm on.

-yes. boths sides are right, in their own way. but you cannot argue just the other one, you should also have personal experience using their service.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/articles/140/4420#4420