Several users welcomed the growing willingness of vendors and security researchers to work together to identify and fix software vulnerabilities in the wake of last week’s disclosure of a major hole in a widely used e-mail protocol. But they also expressed concern over the practice by some in the security community to release vulnerability information to certain users before making it available to the public. Atlanta-based security vendor Internet Security Systems Inc. (ISS) and Emeryville, Calif.-based Sendmail Inc. last week disclosed the existence of a major buffer-overflow vulnerability in the sendmail mail-transfer agent, which handles more than 50% of all Internet e-mail traffic. Full Story