..and of course:
"Cisco Denies Router Vulnerability Claims"
[snip]
Of course. That's how a broken vuln system works. 
The major flaw is that the vendor decides who gets to know
about a vulnerability. This causes an insecurity in "the system"
because $vendor is dealing with people usually more qualified than
themselves to make a decision on who needs to know and make one
independant of revenue<-- .
$vendor is probably not the best person to decide who
gets on the secret-15 lists et. al.
-M<