Flaw finders are packaging their efforts into slick month-of bug projects. But are we more secure for it?

As this industry matures, even the bug finders are getting a little slick. They've taken a few pages from the vendors' playbook and recently productized their findings--packaging and launching them in what they've called "month-of" projects. It all started last summer with the month of the browser bugs, followed by the month of kernel bugs and the month of Apple bugs. It sounds like a good idea on paper. You force the hand of vendors to fix known bugs. But the vendors are inundated with bugs (unfortunately) and haven't seemed to react to these tactics. Instead the month-of projects are just giving hackers easier access to information.