[zaphar]

Not really. They aren't the ones directing customers to break their systems. They could ban anti-virus software and get slammed for being anti-competitive I suppose. Or they could try to track down all the vendors who are being stupid and ask them to please stop but that probably won't remediate it. They don't have a lot of moves here nor does the curl project.

[0xbadcafebee]

Their platform (Windows) is getting a bad reputation due to the problem they neglected to fix (shipping a "vulnerable" curl, informing users when the old curl was getting flagged). They could pass the buck but it's just going to be bad for them later when users think Windows itself has security vulns and breaks itself when the users do what they're told to do by vendors. If they don't want the bad rep, they need to be proactive and work with vendors and better inform customers. If I was the CEO I'd do something about it.