There are a couple disturbing issues here.
1. Software releases built on or after January 28, 2009 have already fixed the issue. So the fix has been out there for a year - if this is still a problem, then the ISP is at fault for not upgrading their software, not Juniper. Now granted, updating software on major network/ISP routers is a big ordeal, but a year is long enough to schedule the outage and do the upgrade.
2. I don't think the Microsoft comparison is a fair comparison. First, the goal of keeping these vulnerabilities secret is to minimize the information getting to all the wannabe hackers out there until a fix could be developed and pushed out. The problem with MS in the past was XP. XP was designed (at user request) to support [unsafe] legacy (DOS Era) and expensive hardware and software. Security was not that big a deal for home users when XP was created. High speed access to the home was almost non-existent. The problem with MS was their PR people trying to spin the story when it broke when they should have just been straight with the public. The "cover-up" is almost always worse than the actual crime.
In this case with Juniper, it says,
Quote:
only our customers and partners are allowed access to the details of the Security Advisory
I see nothing wrong with that - AS LONG AS that information is readily available to those affected. Customers should be notified, and not find out by reading a press bulletin.