What could have been done differently?

Not to sound to pro-MS, but if they are going to sue, they should be able to
sue ALL software makers. And what does that do to open source? Apache,
MySQL, OpenSSH, etc have all had their problems. Should we sue the nail gun
vendor because some moron shoots himself in the head with it? No. It was
never designed for flicking flies off his forehead. And they said, don't
use for anything other than nailing stuff together. Likewise, MS told
people six months ago to fix the hole. "Lack of planning on your part does
not constitute an emergency on my part" was once told to me by a wise man.
At some point, people have to take SOME responsibility for their
organizations deployment of IT assets and systems. Microsoft is the
convenient target right now because they HAVE assets to take. Who's going
to pony up when Apache gets sued and loses. Hwo do you sue Apache, or how
do you sue Perl, because, afterall, it has bugs. Just because you give it
away shouldn't isolate you from liability.

Eric

Similarly, you _pay_ MS for a product. A product which is repeatedly
vulnerable. You don't typically pay for Apache. If you pay for a closed-source
product, security should be part of the price you've paid. If you acquire
an open-source product, you either accept the limitations or you pay to
have someone check it over, which is possible, since it is open-source.

Some companies which believe certain open source products perform better
than certain other closed source products, do just this. They pay someone
to support that product.

If you only use open-source, or non-commercial closed-source (probably the
most dangerous) because it is cheap/free, then you get what you pay for.