..and of course:

"Cisco Denies Router Vulnerability Claims"

[snip]

Of course. That's how a broken vuln system works. :-) The major flaw is that the vendor decides who gets to know about a vulnerability. This causes an insecurity in "the system" because $vendor is dealing with people usually more qualified than themselves to make a decision on who needs to know and make one independant of revenue<-- . $vendor is probably not the best person to decide who gets on the secret-15 lists et. al. -M<