Security Firm Pulls Hotmail Advisory
Saw this over at SNN
Neurocom, a Canadian security company, issued a press release about a hole in Microsoft's Hotmail site without contacting the software vendor. They reportedly proceeded to retract the press release when it was revealed that Microsoft had fixed the hole several weeks ago. The procedures around how to inform product vendors, web sites, and the public that a security vulnerability exists have been widely debated and to some degree continue to be a work in progress. Rain Forest Puppy and @stake were the first researchers to publicly post advisory procedures. These guidelines have come to set the standard for how many researchers advise vendors and inform the public.