Sounds a bit too Microsoft to me
It's always been the Microsoft way to dawdle over fixing security holes that they *think* aren't known about in the wild.
Remember a few years back when Google went public on a flaw because Microsoft were doing nothing to fix it weeks after Google had informed MS of the existence of the flaw?
Microsoft have actually admitted in the past four knowing about security flaws, but not fixing them as the were no known exploits in the wild.
It sounds to me that for all his rationalising Torvalds is heading down the same dangerous route.