Comment Re:Responsible Behavior? (Score 1) 423
Of course you can release whatever Informatioin you got (as long as you obtained it by yourself). What i meant was, that if you want a timely and well tested fix, you should talk to the vendor and not just release stuff.
As i wrote in another post, Lynn used ISS ressources and extra connections to find this problem (however it might look) and than decided to go on his own. Also, as i posted before, ISS is a competitor of cisco and actually needs the publicity.
I mean, cisco publishes a whole lot of advisories. They also (and they are afaik the only networking vendor who does this) openly publish their bug database (And yes, they call it "Bug toolkit" and not feature toolkit :-) ). Other vendors are actually using it to talk bad about cisco at customer sites (they quote bug reports while not publishing their own ones).
Also, if this really was a HW related issue, a fix will take some time. A month isn't always enough (testing etc.)
As i wrote in another post, Lynn used ISS ressources and extra connections to find this problem (however it might look) and than decided to go on his own. Also, as i posted before, ISS is a competitor of cisco and actually needs the publicity.
I mean, cisco publishes a whole lot of advisories. They also (and they are afaik the only networking vendor who does this) openly publish their bug database (And yes, they call it "Bug toolkit" and not feature toolkit
Also, if this really was a HW related issue, a fix will take some time. A month isn't always enough (testing etc.)
