Whoops. Looks like Microsoft have a problem beyond "full disclosure" to contend with. How about "no disclosure"?
French security services provider VUPEN claims to have discovered two critical security vulnerabilities in the recently released Office 2010 – but has passed information on the vulnerabilities and advice on mitigation to its own customers only. For now, the company does not intend to fill Microsoft in on the details, as they consider the quid pro quo – a mention in the credits in the security bulletin – inadequate.
--ArielMT.....Wed Jul 07 11:14:27 -0700 2010