Disclosure of Security Threats/Vulnerabilities

I've been having an interesting open dialog with Steve Jones (SQL Server Central) on the issue of disclosing security vulnerabilities. You can read the thread here: <www.sqlservercentral.com/forums/shwmessage.aspx?forumid=263&messageid=267111>

Feel free to chime in.