If you don’t already subscribe to Patrick Gray’s Risky Business Security News Podcast, it’s well worth a look. Paul Craig from SA is on this weeks show talking about the .NET vulnerabilities.

Since the advisory, quite a few people have asked our opinion on whether we thought Microsoft was slack in getting the patch out, given we first reported the vulnerability last year. We stick by our position that in this circumstance, we would have been surprised and worried if something had come out quickly …given the amount and complexity of work required. See SMH story also.

Paul sums up our position on some vendors in his interview on Risky Business. MS does okay!