I think people are forgetting some of the concerns that CERT
works under. Were I in their shoes, I would be pretty scared of
announcing to the world "Hey everyone, you can break into any Sun by
doing XXX". What happens when the ABC corporation (after getting
trashed by someone who read said message) is looking for someone to
sue?? I'd hate to be counsel for CERT in that situation. And what
about all of the sites who's admins aren't on top of security issues??
My personal opinion is that CERT does a fine job.....at what
it does. Recent discussions here indicate a popular desire for
"more". I agree with this, but feel we should be careful about
bashing CERT for failing to exceed its (extremely limiting) charter.
The above opinions are not necessarily those of any of my employers,
past or present.