Garrett D'Amore wrote:
> For example, getting early security notifications and coordination from
> CERT may require someone from the organization to sign an NDA.
Security notifications before public announcement are one of the few noted
exceptions already. (Though I can't remember the last security notification
I saw come in for X from CERT - they seem to be ignored now by much of the open
source community at least, who prefer true confidentiality, not "we'll keep it
secret except from those who buy early disclosure from us".)
--
-Alan Coopersmith- alan.coopersmith at sun.com
Sun Microsystems, Inc. - X Window System Engineering
