Comment Re:woohhooo I have an opinion (Score 1) 246
Interesting idea, but it's worth pointing out that time is a significant factor, and is not directly interchangeable with money. It's more of an inversely proportional relationship. More money equals less and less time taken.
Sometimes you're really, REALLY, just out of time, and absolutely have to ship, and then where do you draw the line? You can't find and fix every single bug ever in a finite time frame (I hope I don't need to discuss the halting problem with the Slashdot crowd, here).
That said, acting the way these researchers are is never going to improve the situation for either side in this argument. While it may feel good to the self-righteous Slashdot crowd, that's cold comfort to the teams who were planning how to juggle security/features going forward, and had the rug ripped out from under them and now have to rush out a fix with less testing than is normally done. (This is precisely what a HotFix is: an under-tested patch that doesn't meet the full standard for "we support this 100%".) For a company that prides itself on back-compat, and sells to companies that do their own staged rollout, a month or two's delay before the release is minor. And some bugs are just less important.
I wouldn't be surprised if the bugs that had been 'sat on for a year' are some of the more obscure special-case bugs, and aren't part of the common configuration, and that there's some grandstanding going on, which ignored prioritization completely, just because it was these researchers' claim to fame.