charlequin
Banned
> If Microsoft is insecure, move to *nix.
This is absurd. Your advice to millions of companies with millions of users worldwide is to spend billions of dollars and immense work-hours revamping their entire infrastructure every time an OS vendor makes a bad call in prioritizing vulnerabilities? I think your position reflects that you're trying to protect one particular thing (companies' absolute control over their own systems) without considering the broader implications. If you think about the actual results of what you're proposing it becomes obvious pretty quickly why it is not viable.
Again, this is not an issue that's under any serious debate; these best practices are well established and agreed upon by security researchers all over the world.
> I just think that making the exploit public doesn't help Valve to fix it.
This is incorrect. If it's a simple, five minute fix (which this one is), it forces Valve's hand and makes them properly prioritize the fix. If it's a complicated one, it gives Valve (or whoever) access to the community resources needed to fix the problem more quickly, as has happened with major encryption exploits we've seen in the past. Either way, responsible public disclosure almost inevitably has a positive security impact compared to keeping quiet about a vulnerability the vendor has refused to fix.