I think the point he is really trying to make is that by having a dedicated team as a single point of contact may actually stream line the procees, and in effect speed up response time... All in all I think this is a very good idea. The current process works but I see this as a suggestion of how things can be made better.

A setup like this also has the added benefit of PR value by "publicly" showing the developers concern. This is not to imply that the developers are not concerned (obviously not the case) but makes it easier for the public to see... Apperances do count to a certain degree.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/296/30424#30424