by santacluster 4174 days ago
The "second-tuesday-of-the-month" policy is a completely arbitrary MS-only policy.

If Google (or any other group that discovers security issues) has to take into account every policy of every software producer it becomes utterly impossible to have any disclosure policy.

If MS wants to handicap themselves, that's their problem. The rest of the world doesn't have to bend to their will, those days are over.

Yes, this is about being an ass. And it's Microsoft that's being an ass by claiming the rest of the world should take into account their peculiar policy.

The patch-day policy is not for Microsoft, it's for sysadmins who maintain the installations.
Have you ever managed a nontrivial installation of user-facing desktop systems? 'Cause if not, declaring the policy of a predictable, telegraphed-well-in-advance day on which security patches will drop "peculiar" kind of just reveals where your head's at.

The rate at which security vulnerabilities are reported/abused isn't predictable.

Please don't sit on a fix until the time is more "convenient", give it to me now and let me be the judge on how important this security patch is to me.

Because the patch can easily be reversed into the exploit, it has to be convenient for everyone in the herd to apply it at the same time, unfortunately.

The "90 days" policy is a completely arbitrary Google-only policy. There is no reason they couldn't wait a bit longer before disclosing.