The Washington Post spent the New Year break compiling statistics on how long it took Vole to issue patches for security flaws in their products in 2006.
The Post contacted nearly all of the security researchers who submitted reports of critical flaws to see how long it took Vole to respond.
The result was that for nine months of the year, Vole knew about exploit code for unpatched critical flaws but sat on the cure.
There were at least 98 days last year in there were no software fixes for flaws that Vole knew were being used by criminals to steal personal and financial data.
Ten times instructions detailing how to fix "critical" bugs in IE were published privately online before Microsoft had a patch.
Firefox only had nine days in which exploit code for a serious security hole was posted online before Mozilla got around to fixing it problem.
More here. µ
Sign up for INQbot – a weekly roundup of the best from the INQ