@n3td3v
Microsoft *never* said "no" to Mr. Ormandy. This is what happened:
1) Ormandy reported the vuln to MS on a Saturday, informing them that he expected them to commit to a 60-day deadline for a patch.
2) Tuesday (a busy Patch Tuesday) MS got back to Ormandy and told him they would be able to lay out a schedule with him the upcoming Friday - after having analyzed the problem.
3) Wednesday Ormandy went public. He also designed a "fix" - which ironically validates the concerns that a rushed fix may do more harm than good, since his fix was ineffective and easily circumvented according to independent security company Secunia.
4) Within 6 days real attacks commence. Attack code shows parts of Ormandy's proof-of-concept code have been copied.
And then your claim that Microsoft will sue. Microsoft has never sued a researcher, nor have they indicated any desire to do so. You are spreading FUD.



