>>Suppose a company religiously subscribes to MS's security bulletins. Suppose that company suffers a loss due to a security hole. Suppose MS knew about that hole prior to the company's loss, but didn't disclose it.
>
>Suppose a bug was found every month and every single one included exploit code. We just take that code, pop it into our virus generator (there are such beasts) and now we've got a much larger problem on our hands occurring much more often and costing much more in time and money globally. That's why I think that full disclosure is not cool.
I, too, have a problem with disclosure of exploit code.
>
>Regardless of that, it doesn't answer the question I asked Jerry, which is why he thinks he has the right to know what's going on internally at MS as far as bug reports go. Yes, it would be nice if you could always get the inside scoop. That doesn't mean it's right.
Yes, it does answer the question. The answer is, the courts will eventually decide, not you, Jerry, I, or MS.
Regards. Al
"Violence is the last refuge of the incompetent." -- Isaac Asimov
"Never let your sense of morals prevent you from doing what is right." -- Isaac Asimov
Neither a despot, nor a doormat, be
Every app wants to be a database app when it grows up