> >At least you can't use CERT's advisory to crack root on a site, and wipe >out important files; 8lgm's advisories were, and in fact are being used >for those purposes as well. Wrong...I've used the information in CERT advisories to give me a good idea where and what I'm looking for. I've "reverse-engineered" so to speak a fair amount of Cert's announcements into actaul problems I could show people around here. All Cert's announcements do is delay the time people get to even know a bug exists....I'm not really for the 8lgm concept completely, but at least there they don't feel this overwhelming need to not hurt the various manufacturers feelings.... James