Having just recently posted about the latest ASP.NET vuln, I just wanted to say I absolutely love how even non-security people suddenly poke their heads up and ask questions about issues like this when they are disclosed. Or better yet, post workarounds, issues, ways to detect these attacks, and so on. You can’t open up dialogue like this with closed-door issues…
That’s not to say I’m pro full-disclosure absolutely, but in the absence of Internet-breaking, easily-recreated issues that can be solved quickly (i.e. *really* good reasons), I tend to sympathize greatly with sharing the info rather than secreting it away.