Security Disclosure Debate Reignites

Online security consultancy Spi Dynamics has sparked a new debate over the responsible handling of vulnerability warnings with the release of an alert for multiple security holes in the Sun ONE Application Server 7.0. The Atlanta-based Spi Dynamics issued the warning without the availability of a patch or workaround from Sun Microsystems. A spokesperson for Sun confirmed the existence of the security holes and said one of the bugs has already been fixed in Update 1 of Application Server 7.0. “We’re aware of the security issues and have fixes underway. The other three bugs will be fixed in Update 2, expected to be available in August,” the spokesperson told internetnews.com. However, a JSP source code disclosure vulnerability that carries a “High” severity rating is still unpatched. According to Spi Dynamics CEO Brian Cohen, the decision to release the information was made after several unsuccessful attempts to reach Sun’s security unit.