Hacker News
by tedunangst 3419 days ago
Sure, if MS promised to issue a patch in January, then go ahead and release info when they don't. But it's weird to wait for a February patch, and then release a week early.

Like I'm more or less ok with "full disclosure upon discovery" as a consistent release policy. Or "wait for a patch up to 90 days". Or several other models. "Wait until one week before patch" is an oddball policy which seems like it has all the cons and none of the pros of other models.

1 comments

Releasing a week early makes for a smallish window during which the exploit is unpatched and in the wild, while still being impactful enough that it forces Microsoft to react to it somehow. I'm not sure it's the Right Way of Doing Things, but it's defensible.