Picking your Vendors

I recently commented on a report regarding a security flaw found in Gmail.  What impressed me was how fast Google patched the hole.  They were notified and confirmed the issue on a Saturday and had it patched by Wednesday.  Why is it so difficult for other companies like Apple, SonicWALL, and others? One comment I included, but which was removed by the magazine, was an example with SonicWALL.  SonicWALL has a major known vulnerability in their operating system that allows malware to slip right through in 2 different ways and gain complete control over a remote system.  Not only does it remain unpatched, the marketing department uses the speed increase from the hole as a benefit.  They even gave it a name and a logo.

Apple will never fully disclose their issues.  They bundle the fixes in large single updates.  Microsoft is much more transparent about it, as they break theirs up into individual fixes and explain what each issue is and what the fix is, yet they are still criticized.

My point is not to pick on certain companies or turn this into a Microsoft vs. Apple fight.  My point is that security issues will happen.  How a manufacturer, creator, or vendor reacts to them is the key differentiator.  Maybe we should focus more on the reputation a company has for fixing issues rather than on whether they have issues at all.