> Worse than that, lets say they tell you a hurricane is coming, but
> don't tell you from where? Lets say that what you guess is a better
> location is a worse location?
I think this is a pretty poor analogy, but anyway....
The major problem I see with giving "authorized" people the insights to
vulnerabilities is there are a number of people wearing 2 hats. Valid
admin's working for a company, while at the same time trying to (personally
or professionally) break into a competitor.
Corporate espionage would come down to a race condition.
CERT sends out a warning.
Sysadmin at a site in NYC gets the warning at 8:00am EST.
He gets the specifics, and then turns around and breaks
into his competitors site on the west coast before they've
even had breakfast.
While I would love to know security problems out of both need and curiosity,
I'm glad the information is not readily accessible.
com John A. Murphy (better known as Erin's dad)
345 Scarborough Road
Briarcliff Manor, NY 10510 One one-trillionith of a surprise: picaboo