>>>FWIW, we write software that alot of people used. If someone reported a bug to us that said one of our calculations was off, thats something we want to fix, not something we want to be critized for.
>>>
>>>If there is a security bug in IIS, if I were MS, I'd rather fix the bug and release patch instead of creating a Code Red scenario every 2 weeks. And, as a user of Windows and IIS, I'm glad we don't have a code red every two weeks.
>>
>>Great point.
>
>The IIS issue may be a great point, but VFP ain't IIS and there are no CodeRed-like worries with VFP!
>As to the other point, Fox Software didn't suffer any ill effects from making its bug list public. In fact I bet that that very fact attracted users rather than deter them.
Whether I want full disclosure depends on the situation. For VFP, yes I would like to know what to look out for and have that in KB articles and an Index. When it comes to software bugs where disclosure would be a red flag for hackers, I want a patch and immediate availability instead of disclosure first.
Mark McCasland
Midlothian, TX USA