patrick@cybernothing.org (Patrick Greenwell) writes:
hiding it DOES however make it harder for people (including network owners) to do surveys.
By the same token one might argue that atempting to hide vunerabilities to those paying you for "early warnings" doesn't help at all.
Wrt the bind-members forum being discussed to death elsewhere, nobody can pay for early warnings. CERT will still be the source of early earnings. What people can pay for (bind-members participation) is the legal fees associated with NDA-level access to early fixes, if and only if they provide part of the internet's basic infrastructure (e.g., OS vendors and TLD server operators).
Just something to consider.
I promise that ISC considered everything which was relevant, which your claim above is emphatically not. (Thanks for the FUD though.)