Short story - Microsoft had a security bug in it's code that shipped with a version of Visual Studio. A researcher reported it, but M$ didn't fix it immediately. They eventually fixed it silently, but didn't tell anyone about it. Trend Micro, one of the top antivirus vendors, used the vulnerable code. Now, hundreds of thousands of installations of a software product have a security hole all because the original vuln was patched silently. Yay for corporate policy.