Gary McGraw wrote:
> The main thing I wonder is, what do you think?  When you have a hot
> demonstration of an exploit, how do you responsibly release it?  What
> role do such demonstrations play in moving software security forward?

To pick one extreme, I believe there are times when intentionally 
blindsiding a vendor is appropriate:

Secure Coding mailing list (SC-L)
List information, subscriptions, etc -
List charter available at -

Reply via email to