websecurity@lists.webappsec.org

The Web Security Mailing List


ZDI

MustLive
Mon, Jul 29, 2013 8:45 PM

Hello, participants of the Mailing List.

Are there people on the list who have had positive experience working with
ZDI in 2013?

I'm asking because I have had a bad experience working with ZDI. At the
beginning of December I found multiple vulnerabilities in an Avaya product. On
13.12.2012 and 18.12.2012 I informed ZDI by e-mail about them (including
serious vulnerabilities, which allowed taking over the admin panel).

I didn't receive any answers from them. So at the end of January I
registered at zerodayinitiative.com and asked them through the site if they
were interested in such holes. After they answered that they were interested
in these holes, I sent them details. After waiting for more than two
months (even though they promised on their site to answer within 4-6 weeks),
at the beginning of April I wrote to them again. But they only asked me to
wait for their response on my advisory. So now they have been thinking about
these vulnerabilities for 6 months already.

Meanwhile all clients who use this Avaya product (and similar holes can
be in many other Avaya products) are at risk of compromise. They
demonstrate excessive slowness. At the same time, on the ZDI site in 2013 they
published a lot of advisories and announced a lot of new advisories (there are
currently 129 advisories pending public disclosure, but without my advisory, on
which they haven't even answered). What experience do you have with ZDI this year?

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua
