Advisory for the ASP.NET Vulnerability
We are basically asking the industry to follow a Coordinated Vulnerability Disclosure and are therefore not in favor of public vulnerability disclosure as it puts the industry unnecessarily at risk.
Recently there was a vulnerability in ASP.NET publically disclosed. We released an advisory and you should look into implementing the suggested workaround: Vulnerability in ASP.NET Could Allow Information Disclosure.
UPDATE: A very good description by our SWI Team: Understanding the ASP.NET Vulnerability
Roger