The OpenBSD team has won an award for the most spectacular “mishandling” of a critical security vulnerability.
The OpenBSD team refused to acknowledge the bug as a security vulnerability and issued a “reliability fix” for it. A week later Core Security had developed proof of concept code that demonstrated remote code execution. Read the full timeline and quotes in the Core advisory.
More Here