Disappointing CVE man does have at least one point in their blog post I can agree with, CERT VINCE is just not useful.

During the BGP Reset CVE stuff last year it the VINCE thread had like 90 vendors on it with maybe 5 responding in the reply-all chain and Extreme networks arguing to everyone else that it was not a vuln.

I don't really see how this is useful to anyone. The next issue I find like that is almost certainly going to be a zero notice full disclosure, I don't see any benefit in giving any heads up to vendors with the industry being in the state that it is.