"This bug is subject to a 90 day disclosure deadline. If 90 days elapse
without a broadly available patch, then the bug report will automatically
become visible to the public."


I think this is perfectly reasonable.

However, they probably could have allowed a day or two for the fix to come out on Patch Tuesday.

Then again, why do MS have to wait until Tuesday?

I've no idea. It doesn't happen with Arch

You recall there is the Right Way and the Army Way? Substitute MS for Army and you have the answer...

Oh, the world ended before the fix could be released? darn...

I guess for me it depends on how long it could take to fix a bug like that. 90 days is probably enough time to fix most bugs in most projects, but is 90 days always enough time? That part of the OS could be really complicated and affect loads of different things. It's difficult to know if Microsoft could have done it sooner or not, we're all just guessing really, (but Steve might actually know)!

If Microsoft could have released the patch ahead of the deadline but didn't just because they didn't want to be seen to be bowing to Google, then that's pretty pathetic. They're lucky they got a quality bug report in the first place - if it hadn't been reported by Google and the first they heard of it was some exploit in the wild, would they patch as soon as they could, or wait until Tuesday?

It's like a corporate game of chicken...