>>History of Full Disclosure
>
>Uh oh...
>
>>The problem with this system is that the vendors didn't have any motivation to fix vulnerabilities.
>
>So two wrongs make a right? Thats not logic, Jerry. And besides, as I've said before, I don't think this is the case, its been changing for the last couple of months. MS has some major competition on the server end and alot of critisicm for their security policies as well. Times are a changing; if you can, see if you can take some peeks at IIS6 betas.

So you admit that vendors lying, denying or sandbagging on bugs and security holes is a wrong. Good for you! You are halfway to the truth. Now, the other half is that you, your customers, me and other consumers have the RIGHT to be fully informed about potential bugs and security holes in software we purchase as quickly as they are learned about, not at the convenience of the vendor. Certainly not at pleasure of their bottom line. If they can't or refuse to produce secure code in a timely manner, or fix revealed bugs the same way, they don't deserve to be in business. Someday soon something I protest will take place: Lizard lawyers will find a way to sue MS for their product liability the same way the auto manufacturers are being sued, and for the same reasons. Not that it is bad for injured parties to obtain relief, but that the results will be a feeding frenzy similar to the Tobacco decisions, costing all of us a lot.


I see only one wrong, Mike, the willingness of a vendor to treat its customer base like Mushrooms. Change in the last few months is right. Every since that Microsoft learned, in August, that the 'settlement' would have less effect than a wrist slap, they have returned to their former ways. Their attempts at cohercing the PC vendors to prevent alternate OSs from appearing on the Desktop, their attempts to nullify 1st Amendment rights in their EULAs, to name just a few irresponsibile behaviors, and now the arm twisting of a few security organizations could only be attempted from a monopolistic position.

But, this is old ground, and not worth rehashing. Time will tell if the PC and programming industry gets forced into an 'appliance' box surrounded by "Intellectual Property" patents protecting 'innovation' and metering the air you breath, or if the explosive freedom and liberty of the pre monopoly days returns. Needless to say, regardless of what happens here in America, it looks like the member nations of the European Union will secure for themselves a different future. One I envy. It is interesting to note that while Linux, KDE, GNOME and countless other projects are supported by coders around the world, they had their beginnings in the EU. The "innovation" that occurs here gets swallowed into a certain OS, stifling further work except in nich markets.