Why is public image more important than customers?
I don't think this is a new problem or even one that's new to the blogosphere: businesses, like Cisco and Microsoft, treat their public image as being more important than the security of their customers. This doesn't really surprise me and probably shouldn't surprise anyone else in IT either. Public image is more important because it affects the people who aren't yet customers but might be, while treating current customers poorly doesn't affect the bottom line for a long time to come.
Take Microsoft for example: where else are you going to go? Seriously, most companies won't be switching off of a Microsoft platform any time in the next five years, if ever. They've got a stranglehold on most businesses and they know it. So for them, neglecting to tell customers about vulnerabilities is a simple business equation: what are the chances it will become a story, how much of an impact will it have on their public image, and does the chance of a story times its impact exceed the impact of telling customers outright? Most of the time it's worth taking the chance that no one will talk about the bugs, or, if they do, that it will be swallowed up by the general background noise.
If you want your software and hardware vendors to start notifying you immediately when there's a vulnerability or issue, you have to change the equation. If vendors know that hiding a vulnerability or incident is more likely to lead to bad PR, they're much more likely to be up front. The blogosphere has done a lot to change this over the last few years, but there's always more to be done. Start your own blog, comment on a friend's blog or write to a reporter; do whatever it takes to get the information out to the public. That's what it's going to take to make companies like Microsoft and Cisco think twice before hiding an incident or vulnerability.




