
What I am reading is...
Waaaah Waaah Waaaahh! We want to keep doing security through obscurity, and only disclose stuff when we have to!
Damn all these hax0rs! They are making us throw extra resources at solving problems in 30-60 days, rather than whenever we get around to it!
I am all for security experts disclosing issues, provided they have contacted the vendor first, and given them a reasonable time frame for a fix.
Let me clarify "reasonable":
If the exploit is a remote exploit that DOESN'T require the stupid monkey user to click on an infected link, then it should be 30 days to fix.
Remote exploit stupid link clicky longer, but engineer it so it zaps the user when they click stupid links.
Things like the DNS re-direct issue that forced DNSSEC to be finally rolled out... well, vendors need to suck it up, fix it ASAP, and then make their customers apply patches.
That's WHY we have IT admins, and patch cycles.
Of course companies like Cisco COULD fix their firmware update process, so an IOS update doesn't brick features... or the router.