Mind you, this was two weeks before we learned, via a report by Bloomberg's Michael Riley, that Microsoft deliberately delays patching security holes in its software so the NSA can patch its own systems and exploit the vulnerabilities elsewhere.
In a massive Patch Tavis -- er, Patch Tuesday -- last February, Microsoft swatted 57 bugs, more than half of them identified by researchers at Google. The search giant is clearly fed up with cleaning up Microsoft's mess. Can you blame them?
Blowback for the whistleblower
Ormandy's situation is analogous to that of the Whistleblower of the Year, Edward Snowden. Frustrated by attempts to go through established channels of disclosure, knowing that such efforts would be at best ignored and at worst punished, both men went public with the information. And both have been criticized or lionized in roughly equal measure.
Let's say you're a hot-shot security researcher and you discover a big, fat bug in Windows that will allow the bad guys to do bad things. You know Microsoft is going to let the NSA have its way with that hole and it could be months (or decades) before they do anything constructive about it. Meanwhile, hackers at least as smart as you may have already discovered the hole and are mining it for all its worth. What would you do?
Not an easy question to answer, I think. But one we'll all be faced with more and more as time (and Windows) wears on.
Would you go public with exploits, knowing you're helping cyber fiends in the process? Or would you privately disclose and wait? Post your thoughts below or email me: firstname.lastname@example.org.
This article, "Google to Microsoft: Patch faster, you slowpokes," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.