>>I would be extremely surprised if anyone answered other than full disclosure.
>
>Consider yourself surprised :-)
>
>FWIW, we write software that alot of people used. If someone reported a bug to us that said one of our calculations was off, thats something we want to fix, not something we want to be critized for.
>
>If there is a security bug in IIS, if I were MS, I'd rather fix the bug and release patch instead of creating a Code Red scenario every 2 weeks. And, as a user of Windows and IIS, I'm glad we don't have a code red every two weeks.
Great point.
Mark McCasland
Midlothian, TX USA