Comment Re:Vendor's processes not relevant (Score 1)
When vendors say they need more time, they're asking me to leave my systems vulnerable without telling me they're vulnerable. Sorry, but no. Not, that is, unless they're willing to shoulder 100% of all the costs resulting from that vulnerability being exploited.
The bit that you're ignoring is that by telling you about the vulnerability they're also telling all the black hats about it. So while your systems are vulnerable either way, the choice is between you and all the hackers knowing or you and most of the hackers not knowing. Whether this increases or decreases your actual exposure depends on who is interested in attacking you and whether or not they already have this exploit.
While you may be capable of implementing countermeasures to limit your vulnerability until a patch is published, that doesn't mean everyone is. On balance, is it better to hold exploits close until fixes are available? There are valid arguments on both sides, but on balance I tend to side with keeping things quiet for a bit while the vendors get a fix out.