schneier on security, lynn and cisco
Got the latest Crypto-Gram by security guru Bruce Schneier, which uses the Cisco security flaw disclosure by Lynn to illustrate how we are all better off with full disclosure. Some quotes:
[..] about how security companies (like Cisco) treat vulnerabilities as public-relations problems first and technical problems second.
[..]
The security implications of this are enormous. If companies have the power to censor information about their products they don’t like, then we as consumers have less information with which to make intelligent buying decisions. If companies have the power to squelch vulnerability information about their products, then there’s no incentive for them to improve security. If free speech is subordinate to corporate demands, then we are all much less safe.
Despite their thuggish behavior, this has been a public-relations disaster for Cisco and ISS. Now it doesn’t matter what they say — we won’t believe them. We know that the public-relations department handles their security vulnerabilities, and not the engineering department. We know that they think squelching information and muzzling researchers is more important than informing the public. They could have shown that they put their customers first, but instead they demonstrated that short-sighted corporate interests are more important than being a responsible corporate citizen.
The same goes for any relationship guarded by trust, I guess.
Posted in misc
August 24th, 2005 at 4:21 am
what about white lies?
August 31st, 2005 at 3:28 pm
Just wanted to let you know I listed your blog in my LiveJournal for BlogDay 2005.