>Suppose a company religiously subscribes to MS's security bulletins. Suppose that company suffers a loss due to a security hole. Suppose MS knew about that hole prior to the company's loss, but didn't disclose it.

Suppose a bug was found every month and every single one included exploit code. We just take that code, pop it into our virus generator (there are such beasts) and now we've got a much larger problem on our hand occuring much more often and cause much more in time and money globally. Thats why I think that full disclosure is not cool.

Regardless of that, it doesn't answer the question I asked Jerry, which is why he thinks he has the right to know whats going on internally at MS as far as bug reports go. Yes, it would be nice if you could always get the inside scoop. That doesn't mean its right.