If I send you a letter with a subject that says, "Potential Security Issue With XYZ" and then provide sources for information, you better make it your job to delegate it out to somebody to investigate further and assess impact. Like I said, I'm a grunt. (Chief problem solving grunt, but a grunt) And I don't know all our products in a company of 100,000+ people, or how they are developed and used. It's not my place to give that assessment. I can only make you aware of how it might affect us. (ie: I know we have products that use JAVA and there is a new exploit for JAVA versions X Y Z that we may use.) The rest is up to you.