Not to sound to pro-MS, but if they are going to sue, they should be able to sue ALL software makers. And what does that do to open source? Apache, MySQL, OpenSSH, etc have all had their problems. Should we sue the nail gun vendor because some moron shoots himself in the head with it? No. It was never designed for flicking flies off his forehead. And they said, don't use for anything other than nailing stuff together. Likewise, MS told people six months ago to fix the hole. "Lack of planning on your part does not constitute an emergency on my part" was once told to me by a wise man. At some point, people have to take SOME responsibility for their organizations deployment of IT assets and systems. Microsoft is the convenient target right now because they HAVE assets to take. Who's going to pony up when Apache gets sued and loses. Hwo do you sue Apache, or how do you sue Perl, because, afterall, it has bugs. Just because you give it away shouldn't isolate you from liability.
Eric
Similarly, you _pay_ MS for a product. A product which is repeatedly vulnerable. You don't typically pay for Apache. If you pay for a closed-source product, security should be part of the price you've paid. If you acquire an open-source product, you either accept the limitations or you pay to have someone check it over, which is possible, since it is open-source. Some companies which believe certain open source products perform better than certain other closed source products, do just this. They pay someone to support that product. If you only use open-source, or non-commercial closed-source (probably the most dangerous) because it is cheap/free, then you get what you pay for.