Free Republic

To: Edward.Fish

Not sure about the relevance of the Verve article.

My point is that Microsoft is not adhering to Information Security Vulnerability Management standards that provide timely patch fixes for remediation.

Some High Risk Vulnerabilities on Critical systems, i.e., CVE 9 - 10.0, are required to be fixed within 24 HOURS.

Microsoft dragging its feet beyond 10 days after Google notified them, and then failing to disclose the zero-day exploit to the public and provide a patch fix is GROSSLY NEGLIGENT.

Top 30 Targeted High Risk Vulnerabilities | US-CERT

https://www.us-cert.gov/ncas/alerts/TA15-119A

Maintain up-to-date software

The attack vectors frequently used by malicious actors such as email attachments, compromised “watering hole” websites, and other tools often rely on taking advantage of unpatched vulnerabilities found in widely used software applications. Patching is the process of repairing vulnerabilities found in these software components.

It is necessary for all organizations to establish a strong ongoing patch management process to ensure the proper preventive measures are taken against potential threats. The longer a system remains unpatched, the longer it is vulnerable to being compromised. Once a patch has been publicly released, the underlying vulnerability can be reverse engineered by malicious actors in order to create an exploit. This process has been documented to take anywhere from 24 hours to four days. Timely patching is one of the lowest cost yet most effective steps an organization can take to minimize its exposure to the threats facing its network.

http://www.theverge.com/2016/10/31/13481502/windows-vulnerability-sandbox-google-microsoft-disclosure


18 posted on 10/31/2016 8:50:41 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)


To: MarchonDC09122009
Not sure about the relevance of the Verve article.

It's relevant because such methods can be used to prove the absence of errors; a notable case is Ironsides, which is a formally proven DNS. (Their 2013 paper lists the things they were able to prove at around page 12, though the 2012 paper is a bit more explicit on how such were proven.)

The point is that we're now living in an age where we can prove properties of software in a cost-effective manner; essentially we've implemented [mathematical] theory (WRT programming) from 30 years ago, and it opens a whole new vista of software reliability.

19 posted on 10/31/2016 9:24:31 PM PDT by Edward.Fish
