"Vendors should close all known security holes, whether publicly discussed or
not. The idea behind this is that any existing security vulnerability should be
closed to strengthen the product and protect consumers. Sounds great,
right?"
"The reader wrote to say that his company often sits on security
bugs until they are publicly announced or until at least one customer complaint
is made. Before you start disagreeing with this policy, hear out the rest of his
argument."
Article Link: http://www.infoworld.com/article/07/05/11/20OPsecadvise_1.html
