The problem is, how many people believe MS puts out bad software? It never ceases to amaze me that no matter how many IT shops I go through for various reasons and no matter how many problems they've had with MS software, they still consider it to be top notch. They don't even believe there's a problem.
I think part of it is because it's a standard. Even if it's a low standard it still exists and that makes a big difference. Hell, I do a lot of work to put on conferences several times a year (If any of you have been to an I2 Joint Techs meeting I was the guy hassling people for presentations) and am in charge of presentation wrangling. I decided quite a while ago that presentations had to be in PowerPoint 97 format. This wasn't because I love PP97 or because I don't know about magicpoint or other presentation software. It's just that PP97 is relatively universal, my admin staff can work on it (reviewing it for problems, converting to HTML, whatever) without issues, and I know that in almost all cases it will function as expected. It's a crappy standard but standards are useful. I'm not saying this is where things should be or that the excesses and failures of Microsoft are excusable. I'm simply being pragmatic.
A check in the mail would be a better incentive to administrators than "automatic" updates.
I think this is flawed.
I'm also not sure how the logic works. If MS had to send me a check every time they screwed up and it possibly cost me some time I'd never install a patch.
Because as long as humans write code and make silly mistakes you will continue to see security vulnerabilities. It's not just a Microsoft problem. It's a Microsoft, Linux, *BSD, Solaris, Cisco, <insert vendor name here> problem.
It's also just a problem of *never* being able to plan for all possibilities in a test environment. It's impossible to do this. Hell, most of the people doing research in networking are really just trying to figure out what the hell we've actually created. The behaviour we see in a lab, test network, or elsewhere doesn't necessarily predict how a given piece of code will interact when released into the wild.