On Dec 13, 9:04am, James M. Chacon wrote: : : ....I'm not really for the 8lgm concept completely, but at least : there they don't feel this overwhelming need to not hurt the various : manufacturers feelings.... 8lgm gives the vendor some "incentive" to correct the problem in a timely manner, unlike CERT where the problem is reported only to the affected vendors. We never hear a peep until (a) we find the same bug as a result of a breakin of our site, or (b) CERT announces that the vendor (months/years later) has a fix available. Sorry folks, I'll take (c) 8lgm (or equivalent) providing full disclosure. The initial announcement means a scramble to disable/work around the problem, but at least I know if my systems are vulnerable. -- Jim Littlefield "I've got a bad feeling about this..." -- Han Solo <little@hks.com>