What he seems to be saying is that he's already told the companies and they've done nothing.
As the architect for one of the products listed I can say with certainty that our product team has not been contacted with any vulnerability info. I'm all for open disclosure but I wish the authors of each software would be given a heads-up slightly ahead of time.
It is indeed the modern Web Server 7.0 code. However, there's more than a tiny bit of lines of code tracing back to the Netscape Enterprise Server. The server itself was never rewritten; it is simply ten+ years of continuous development of the same code (so certainly a lot has changed, but also a lot remains).
I added some more notes about it on my blog here: http://blogs.sun.com/jyrivirkki/entry/more_of_open_sourced_web