Sendmail Bug Tests US Dept Homeland Security

yanestra writes "CNET reports that the reported Sendmail bug has been a test for the US Department of Homeland Security which seems to have managed information flow in this case."

An Impressive Debut

[Hanashi]

IMHO, this was the best-managed vulnerability disclosure in recent years. I read the release pretty early on, and vendor patches were already available! Wow!

Although there have been a few grumblings, it looks like there are a lot of others who feel the same way I do: it's perfectly OK to have a short lag time between vulnerability discovery and disclosure, as long as the Baddies don't start taking advantage of the situation before the patches are available. In this case, I read that the lag time was about 2 weeks, which seems perfectly reasonable.

Kudos to all involved!