From Wired (http://www.wired.com/politics/security/news/2007/08/medeco).

Probably old news to the LP ninjas, but it was interesting to me. In the other talk last year on this I kept thinking (having no lock-fu myself) that this reminded me of the early battles with software vendors in the 90's: deny, deny, then silently patch.

From Medeco's director of tech:

"We stand behind our locks," Roberson said. "We don't believe you can use a bump key on Biaxial or M3 (locks) at all, whether it's with a paper clip or not. We believe that this information is factually incorrect."

Umm... Okay...

So if you close your eyes and believe hard enough, it makes it so.

The deny deny deny is common, we often get lucky if a silent patch ever comes along. There are a lot of parallels and a lot of hubub about responsible disclosure right now. As a friend of mine, CS guy, not an LP guy, said "There is no debate about responsible disclosure, these issues have been solved already." referring to the struggles of the hacker community.

What's happening with Medeco is interesting. Elsewhere they mention that they will be headed to Florida to see the attacks and address at least the deadbolt bypass. It's my hope that they will take a first hand look at the bump attack as well.

I wouldn't mind seeing the USGov on Abloys anyhow, though.