Actually, it makes me feel relieved. There are always discovered but
unreported vulnerabilities in just about any popular OS or software out
there. [Supposedly this happens even more nowadays due to the hassle
vulnerability reporters feel they receive from vendors and other parties.]
It's a good thing for us when the person that finds these notifies the
vendor and waits a reasonable amount of time for a patch to come out. The
fact that sanitized information is on the eEye web page is also good... it
puts light on the vulnerabilities and prods the vendor into hopefully
reacting faster, without making the vulnerabilities known. It's also good
publicity for eEye. Everybody wins.
