I have just been looking at some of the comments to Mary Ann Davidsons news article written last week titled "When security researchers become the problem
". Someone made me aware of a response to the article and said to go and read it. The comment I was directed at was in response to another comment, so let's talk about this comment first. This is titled "After fact article about Michael Lynn?
" posted by Walt. I think Walt is not up on current Oracle security events as he assumed that Mary Ann's article is about Michael Lynn going public about cisco bugs. I am not certain she is actually talking about Michael Lynn at all but all that said Walts final comments that it is the vendorís responsibility to offer patches quickly is the key. The comment I was pointed at is written by Rogue Shoten and is titled "Half the story
" which takes an interesting angle on the issue of information disclosure.