"Network protection company Internet Security Systems published
a security advisory for Apache, the Internet's most popular Web
server, and gave the Apache Foundation, which created the software,
less than two hours to respond.
"Considering the potential seriousness of the issue, the
company's public announcement of the problem without first talking
to the Apache developers wasn't responsible, said Mark Cox, a
founding member of the Apache Foundation.
"'There are many minds on how long to give a vendor to respond,'
Cox said. 'Some say until the vendor releases a patch, others say
10 hours. In any event, two hours is not sufficient...'"