writes "We recently discussed the disclosure of an exploit for Windows-XP by Google engineer Tavis Ormandy only 5 days after notifying Microsoft about it. Many called his action irresponsible and even criminal, especially since the exploit is actively attacked. It turns out he gave them 60 days, not 5! In this regard I might add that many people seem to think "zero-day" was a synonymous for "exploit". It is not. If anything, it would have been a "five-day"."