Wednesday, April 18, 2007

Fine line between responsible disclosure and...

Now I don't often come to the aid of Microsoft as a policy, but even I have to speak up when people begin to bash MS for something they are trying to do in good faith. Recently some critics have been harping on MS's disclosure of unpatched flaws, arguing that they are in fact enabling hackers by giving hints.

Granted, there are issues when such a wide number of PCs can be vulnerable and the vendor has very little to offer the end user in terms of workarounds. However, I don't think the critics will ever be completely happy given the closed-source nature of Windows. Let's face it: whether it's in an MS security bulletin, on Bugtraq or on some script kiddie news board, a flaw can go from unexploited to serious threat in a very short cycle. I don't blame MS for trying to disclose what it feels it can without directly pointing to a bug. Previously the stance was to disclose next to nothing, and Microsoft was faulted for that policy as well. As with all things, there's a delicate balance between being a responsible software vendor that discloses issues to its customer base and giving breadcrumbs to would-be hackers.
