rabbi@quickie.net wrote:

Bruce Schneier has a very good piece about this. In it he condems publishing exploits, and *demands* that those who find exploits give the vendors ample time (not just a few days) to fix the hole.

Fine. Then let's have two announcements: A hole has been discovered in X which allows [basic description of the security violations]. Please disable it until a patch is available. and the standard one, with an in-depth description of the problem and patches (and expoits if you aren't idiologically opposed to them). If all the locks are broken, it would be wise to tell those living in the subdivision to stand guard with a shotgun until the lock can be fixed. Pete