So who’s to blame for the current state of affairs? Vendors blame irresponsible
researchers, and some researchers blame the vendors. While there are bugs being found,
researchers will always seek to earn money from them. They’ll sell them, or use them
for marketing purposes; nothing says “look at me” like a zero-day in Windows.
Until that changes, the security industry will look like the Wild West for a long
time to come. For now, it’s the users left in the middle.