What I'm wondering these days is why Microsoft allows IE to be so unpatched all the time?IE is to most people is Microsoft. It is the face of Microsoft's security efforts. Forget the billions of dollars spent on security over the last few years. Forget the incredible successes of IIS 6, W2K3, XP SP2, SQL, and a hundred other products. IE gets exploited monthly. Currently 23 of the 93 vulnerabilities remain unpatched (according to www.secunia.com). That percentage hasn't changed much over the years. It is the one fact that I cannot dispute with critics. I have to shutup and just acknowledge it. No other browser has similar statistics.True, most unpatched vulnerabilities are non-critical. But a few are somewhat concerning, even though they are ranked un-important by Microsoft.If IE is the face of Microsoft to most people, and especially to its critics, I constantly wonder why Microsoft doesn't make better efforts to secure IE? Forget the idea of somehow making it more secure by default, I'm talking about fixing more known holes quicker. I can only assume that IE's product managers have made a cognitive decision to accept 25% outstanding vulnerabilities as a reasonable benchmark and risk-analysis cost benefit. A Microsoft effort to be more timely overall on IE vulnerabilities of all types would do much to further Microsoft's growing security reputation. And I've somewhat given up having IE 7 being the pancea as most of the recent exploits work in IE 7 as well as they do in IE 6.Just hoping one day.