If the flaw affects the safety and well-being of customers, surely they should be informed as soon as the problem has been identified. It is, after all, the natural response people would expect from a responsible manufacturer.
In the car industry, when the Mercedes A-Class failed the elk test - the car rolled when forced to avoid a stationary object such as an elk on the road - Mercedes spent a vast sum of money fixing the problem. And it produced a car that would keep its customers safe in the unlikely event of having to confront large mammals.
Does the software industry behave in such a responsible manner? Not bloody likely. Not only do users have to put up with second-rate software that has not even passed rudimentary levels of quality assurance, but they are not told when things go wrong. Users are also asked to consider bugs a necessary evil of the fast pace of IT development. They are not.
The IT industry really has a lot to answer for. It warned of the risk of a Y2K catastrophe yet, at the same time, developed hardware and software that still lacked proper date handling. This is unforgivable.
Last week Computer Weekly learnt of a security hole in Microsoft Internet Information Server 4.0. The Web is extremely important for business users. A bug on a firm's Web server could seriously damage their Internet-based business and ruin their reputation. For more than a week, Microsoft failed to publicise the problem or produce a fix. This simply isn't good enough.