>>>>> "ddrew" == ddrew <ddrew@mci.net> writes: ddrew> I think the overall issue is that there is an ethical ddrew> obligation to ensure that intrustion and/or vulnerability ddrew> detection code be protected from being placed directly into ddrew> the hands of those parties that may use it for malicious ddrew> intent. I think there is no such obligation. Well-designed systems should be secure even if the details of those systems are public knowlege. You can't put the genie back in th bottle once it is out. Let's not start this topic on this list now... -Rens