A wild software ride.

The article focuses on correcting problems that are found in various computer software. Software vendors should work with researchers who look for software vulnerabilities and that vendors should be open about the discovered problems. But when one looks at the many commercial and open-source software vendors out there, it is easy to see that there are many levels and definitions of openness. Some choose to address every single problem as it comes to light, an approach that is typical of, but not found solely in, open-source products. Others fix critical problems immediately but sit on smaller problems and fix them in big updates or service packs. Much of the discussion about these approaches tends to focus on the political issues. Vendor A might say that Vendor B's products are insecure because Vendor B issues multiple fixes. Vendor B might then turn around and say that the single service pack Vendor A issued actually fixed 50 problems that people were exposed to in the months prior to the service pack's release. But there's really no right answer when it comes to issuing software fixes.