Bug hunters want better vendor communication
A great many software bugs are discovered by security researchers outside the vendor environment. For a long time, it was the application makers who set the rules on what bug information and code issues could be disseminated publicly, and how. But now the bug hunters want some vendor commitment on the actual bug cleanup work, and on whether software makers are fixing the vulnerabilities that keep cropping up. As one analyst notes, it's not a new battle, but security researchers are making a stronger push than ever to get vendors to be more aggressive on vulnerability fixes. Another expert notes that the ideal solution, which would benefit everyone from users to vendors to security researchers, is simply creating a wide-open line of communication.
For more on the bug disclosure issue:
- Check out C/NET News.com's article



