The security world needs to take a more proactive approach. A lot of companies will know an exploit exists and they'll release the software anyways, and the patch later on. Stuff like this needs to stop. There needs to be some kind of agency that verifies code before it's released, maybe a grading system for code.