The current brouhaha is regarding a vulnerability in the skinnability feature of Media Player 7. Georgi Guninski notified Microsoft of the bug on January 11 and went public just 2 business days later via BugTraq.
This isn't the first time the vendor and freelancer have butted heads. In fact, the community has, at times, criticized Guninski for this very issue. Michael Aldridge, a lead product manager at Microsoft, was quoted as saying, "It is simply not possible for any vendor -- even Microsoft -- to develop a high-quality patch in only a few days. Our focus is making sure we deliver a complete patch and that does take time and testing." Certainly he has a point with a statement like that, and it's not in dispute that the community is best served by complete and timely patches.
BugTraq is probably the premier location for security professionals and crackers alike to share information about vulnerabilities in products and techniques. Back in November of 2000 there was a short but fiery debate centering around yet another of Georgi's disclosures and the growing trend of narrowing notification windows. This thread highlights some of the issues surrounding short notification windows, their potential harm, and one individual in particular who some feel is targeting Microsoft, and Internet Explorer in particular, as a way of garnering favor for his employer, rival Netscape Communications.
Georgi Guninski has always claimed, and continues to claim, that he does his best to work with Microsoft when a vulnerability is discovered, and also claims they have an outstanding report from him since July 2000 which has still not been patched. "I totally do not agree with Microsoft's speculations that I am the problem for their buggy software. In my opinion they do not care about the security of their customers as they claim, they care about their image in the press," says Mr. Guninski.