Very good points, BTW. And these are certainly factors which, I'm sure, other companies are also susceptible. :-) - ferg -- Hank Nussbacher <hank@efes.iucc.ac.il> wrote: [re: http://www.cisco.com/en/US/products/products_security_advisory09186a00805e32...] [snip] Cisco acquired Protego in Dec 2004 and thereby acquired MARS: http://www.infoworld.com/article/04/12/20/HNciscoprotego_1.html Cisco didn't put it in there - they bought the bug for $65M. :-) [snip] I think Cisco just doesn't check the product closely enough and trusts the R&D coders and doesn't introduce an external security QA to the product being purchased. -Hank -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/