The Register® — Biting the hand that feeds IT


What's the problem anyway?

When it's open source software, some people are quick to argue that one of the main advantages is that possible flaws are immediately out in the open so that people can fix them. The obvious advantage should be obvious: because it's open source, many people can take a shot at it.

Note that I don't question this whatsoever; it's a simple given fact.

And the obvious counter-argument against closed software is that developers can keep stuff secret from you.

So here we are; there is a nasty issue with a remote root exploit (IMO that's the best description), a fix has long been released and now the proof of concept is in the open. What's the problem?

Honestly; if people claim that "The risk of getting attacked became higher" then I honestly question their priorities and qualities in systems administration then and there. As a sysadmin you don't gamble with remote root exploits, no matter the platform. You also /don't/ go "calculate the risks" to validate your postponing of the patch / update ("nah, hardly anyone knows about this. We should be safe for 2 more weeks").

What you do is take care of the problem one way or the other ASAP. This stuff should get priority. Patching, turning the service off for a while, limiting the service. Heck; maybe some people finally realize that RDP is a dish best served over VPN.

When "closed source" companies keep exploit code away from the common public they're the bad guys, and when they allegedly do publish the code they're bad guys as well?