> . . . I'm optimistic that the typical time between bug discovery >and widespread bug fixing may drop from years to months. Maybe even, >with work, to weeks. Once lots of people are exploiting the bug, I >think keeping it out of system administrators' hands changes from >well-intentioned foolishness to seriously irresponsible, destructive >behavior. > >This, as best I recall, is why the bugtraq list was started. Right. And Pauls point was that having CERT is better than not having CERT. It fills a function, but not the function that bugtraq fills. Bashing CERT isn't part of bugtraqs function. Maybe we need to require all postings to report an open hole. :-) ObBugReport: NIS.