FYI...

- http://www.theinquirer.net/gb/inquirer/news/2008/02/12/criminals-pay-hide
12 February 2008 - "...Criminals are bribing security experts and hackers to keep quiet about security vulnerabilities, according to IBM's security experts ISS. The annual "X-Force" report*, shows that the number of security vulnerabilities is down by 5.4 per cent this year. This is the first time in ten years, but Biggish Blue experts warn that the web is not much safer. Chris Rouland, ISS's chief technology officer, said the 2007 number would have been higher if not for the fact that organised crime is paying a bounty of up to $100,000 to computer whizzes who find such threats and shut up about them. Software vendors are also buying the vulnerability information so that they can fix them without anyone noticing. He said there was no way to tell how many security holes are going undocumented..."
* http://www.iss.net/x-force_report_images/2008/index.html

Above post shows why we need to be where they are:

> http://seclists.org/
"...Full-Disclosure - We believe in it."


.