Anyone really interested in getting zero day exploits to use for evil purposes has always known that the second best way to do that, right after hiring a black hat to find them, is to intercept priority communications between people who respond to “responsible disclosure” incidents.
Microsoft cannot control the spread of vulnerability exploit information. Everyone can defend against a serious threat if they know it exists, whether or not there is a vendor patch, third-party security product, or workaround remediation/defensive configuration possible. “Responsible disclosure” has never been responsible. It has always been a clever manipulative tool to expand the economic importance of certain people's business agendas. Just look at where the founders of “responsible disclosure” have gone today... The only fair disclosure policy is full disclosure. Regards, Jason Coombs [EMAIL PROTECTED]
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://www.secunia.com/
