As SearchSecurity's recent podcast noted, Apache's recent security disclosure was unusual in how thorough it was. Just curious: What's your company's intrusion or malware disclosure policy, and are you happy with how it's implemented?