What would the results look like if you asked a loaded question that leaned in the other direction?
"Should software vendors disclose information about software vulnerabilities to the global hacking community at the same time as all their customers who haven't yet implemented a working patch management process?"
How about this one, too, so we'll know the technical competency of the people who provide answers to the first two questions:
"Do you believe it is possible for software vendors to disclose information about software vulnerabilities to their customers without the global hacking community learning about that disclosure?"
Any answer other than "No." would prove the respondant is not qualified to give answers to such questions.
Sincerely,
Jason Coombs [EMAIL PROTECTED]
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
