Mark Cox of Red Hat has published a blog entry that identifies how they learned about vulnerabilities in their products:
http://www.awe.com/mark/blog/security/200603211056.html

Note his disclaimer that "we only list the first place we found out about an issue, and for already-public issues this may be arbitrary." Due to the nature of the data collection, it can't be determined how much they were notified by researchers who went through other channels such as vendor-sec.

Still, it's an interesting breakdown, and it would be nice to see how other vendors learn of issues.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
