>>>>Suppose a company religiously subscribes to MS's security bulletins. Suppose that company suffers a loss due to a security hole. Suppose MS knew about that hole prior to the company's loss, but didn't disclose it.
>>>
>>>Suppose a bug was found every month and every single one included exploit code. We just take that code, pop it into our virus generator (there are such beasts) and now we've got a much larger problem on our hand occuring much more often and cause much more in time and money globally. Thats why I think that full disclosure is not cool.
>>>
>>>Regardless of that, it doesn't answer the question I asked Jerry, which is why he thinks he has the right to know whats going on internally at MS as far as bug reports go. Yes, it would be nice if you could always get the inside scoop. That doesn't mean its right.
>>
>>You misstate what I said, Mike. I don't care what goes on internally at MS. But, they vend software that could put a business at significant financial or even lethal risk (USS YorkTown incident). Consumers have a RIGHT to know as soon as possible the risks associated with using specific software. All companies, not just Microsoft, that ignore, conceal or behave in other irresponsible manners, in preservation of their own bottom line and to the possible demise of their clients demonstrate an absence of ethical standards.
>>When it hits you personally and financially, and it will sooner or later, you will understand.
>
>Jerry,
>
>I agree. Remember the Intel chip problem a couple years ago?
>
>Renoir

The floating point error? Yup.