Given that Notes/Domino had it’s first security flaw in quite some time, I was checking out the technotes and found the following:
VIII. DISCLOSURE TIMELINE
04/21/2004 Exploit acquired by iDEFENSE
05/05/2004 iDEFENSE clients notified
05/05/2004 Initial vendor notification
05/07/2004 Initial vendor response
06/23/2004 Public disclosure
It only took Lotus six weeks to fix the vulnerabilities, as opposed to six months the competition normall takes. I think this says a LOT for IBM and Lotus.