Information Week just posted an article titled "Disclosure: Security Pros Want Flaw Information Sooner" in which they surveyed 7,000 business technogology and security professionals. 66% argued for immediate disclosure upon discovery, and another 32% wanted disclosure once a patch was available, leaving only 2% who said that there was no need to disclose vulnerabilities at all:
http://www.informationweek.com/story/showArticle.jhtml?articleID=22103495 - Steve _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
