[dogma1138]

Researchers can't necessarily actually publish "fixes", they might give some recommendations or suggestions how to mitigate it, but they might actually be unable to publish full code fixes because it's simply not their area of expertise.

Bruce Schneier for example is some one who's able to design actual ciphers and cryptographic systems, but I'm not sure if he can actually "build" them as far as software systems go. From what I know of him, his works, and from reading his books he's a traditional computer scientists and much less of a developer, and I'm really not sure if he's up to date with the current C++ language standards and compiler architectures or insert what ever language you want here, in fact I would bet my money on the fact that he isn't but he's more than capable enough to find the right people to do that work for him.

That said based on reading the audit report form the TC audit the findings are detailed enough so if you are capable of truly understanding them you should be capable of finding a way to resolve them, if not you shouldn't be developing cryptogrphic software in the first place.