Let me point everyone to this incredible timeline: a major security hole was fixed in Mozilla within 36 hours.

Before the vulnerability was known to the public for 24 hours, Mozilla had released updated versions of its poducts and patches for users running previous versions

In the course of less than a day and a half of public vulnerability, all Mozilla versions were updated, a security note was released, and new downloaders were secure by default

This is the kind of response that most companies could only dream about, and here we are talking about a distributed, largely volunteer enterprise. This is worth benchmarking against.
BlogSac :: Mozilla Vulnerability Timeline