Because Nvidia totally ignored the issue even when people notified them of the vulnerability.
If this was in an open source driver, then it would have gotten fixed as soon as possible. When notified, there would be a fix hours later.
How is this an explanation for the fact that any software could have undisclosed vulnerabilities for years?
Also, remember the Debian OpenSSL thing? They were applying the bogus patch for almost two years before someone discovered the issue. And that was open source software!
I'd say it's not unlikely that a certain someone didn't actually report it or reported it to the wrong person, so the information wasn't actually forwarded to the development team.
No, a certain someone did report it, and did report it to the right mail alias, thinking that would inform Nvidia of the problem. Hey, why else would you have an advertised security alias? However, it seems that nobody in Nvidia was informed of the problem despite me following their advertised procedures.
So yes, the first they knew of it was when it went public, on f-d, but not through lack of trying on my behalf.
Well, I am not an Nvidia fan, or AMD for that matter, but I run an AMD laptop because I bought it cheap. If I knew Intel would invest so much time in their open drivers, I would have waited and got a Sandy Bridge machine. In my opinion, AMD and Nvidia ignore a lot of bugs that are reported directly to them and pretend they didn't hear, it didn't happen, and so on. As I have said many times, I sincerely hope Intel pulls on Haswell an IGP capable of competing with AMD and Nvidia discrete cards; like that, I can finally buy a fully open-source machine.
P.S. On my desktop, an Nvidia 8400 GS card worked without a problem with any distro and driver.