Herb Peyerl <hpeyerl@beer.org> wrote:
> Mihai Chelaru <kefren@netbastards.org>  wrote:
>  > Anyone read this ? 
>  > http://www.eweek.com/article2/0,3959,809353,00.asp?kc=EWTH102099TX1K0100487
 
> Don't know about an 'official position' but:
> 
> http://www.kb.cert.org/vuls/id/JPLA-5BGP2H
> 
> We should have a group in charge of responding to this sort of 
> thing in a timely manner.  6 months without a response doesn't
> seem compatible with the term 'timely' although I spose it's
> possible that there was some error along the way somewhere which
> resulted in our security team not being notified.

We should check with SO to see if CERT contacted them, and if so, why
they didn't respond (or, assuming they responded, why CERT doesn't show
the response).

-Jan

-- 
Time is an illusion, lunchtime doubly so.