by forgottenpass 3421 days ago
They chose to withhold that patch due to non-technical, apparently PR-related, reasons

Do you know that, or is it just speculation? I could speculate that there were technical reasons around having two SMB patchsets to test in various combinations vs bundling into one.

2 comments

The cynical answer would be: try harder Microsoft, and do not let your customers remain vulnerable simply because you can't test two patch-sets at the same time.

If 'trying harder' is not possible due to financial reasons, then the only recourse is disclosure.

This bug will be fixed now, but certainly could have been excluded again because of technical reasons---they're publishing a separate set of patches on SMB again soon, maybe those patches have higher priority to people on the Microsoft org-chart than the patches for this bug.

When companies aren't given hard deadlines for disclosure, they'll just delay forever because there is always a technical reason that you can't do enough testing to satisfy yourself, while doing X, Y, Z which are added to your schedule for political/financial reasons.

Why do they deserve the benefit of the doubt when their press release contains actual lies? When someone lies to me everything they say becomes suspect. It's the standard we expect individuals to live up to, why do you want to give more slack to a company?

Further, so what? There's always some problem. They should either suck it up and work harder or come clean and give users actual choice in how to respond.

Why do they deserve the benefit of the doubt when their press release contains actual lies?

I didn't say they do. I'm responding to the parent post on the bit I quoted ("They chose..."). If it's irrelevant under other preconditions, take it up with the parent post.