Ever so often, I make it a point to glance at the upcoming advisories from TippingPoint's Zero Day Initiative and wonder about the status of these "high risk" issues that are more than 300 days old. According to ZDI, the vendors associated with these pending zero-day vulnerabilities have all been notified and are (supposedly) working on patches. In all, there are 28 in the ZDI pipeline, all high-severity, affecting some of the world's biggest IT vendors -- Computer Associates, Microsoft, Hewlett Packard, Novell, Oracle, IBM, Symantec, Sun Microsystems, Veritas and Borland. Microsoft appears on the list six times. Five of the Microsoft bugs were reported more than 200 days ago while the sixth was reported 452 days ago.