Vulnerability Bulletins are completely useless because they are so afraid to give any details on the problem. By focusing on just the idiot steps to patch the problem, they are fostering a culture of 'dont learn it, just follow.' Ignorance is the main ingredient in fertile grounds for more attacks.
There was a recent bulletin on the IE mhtml vulerability. Google labeled it an IE issue which may leave non-IE users with a false sense of security. Does vulnerability affect ff plugins for mhtml? If your ff/win doesnt support mhtml, would that open IE? Bulletins keep these detail a secret because SW vendors have no in users overal security, just CYA.
http://q.okdaily.com/?waffle,1507
