For what it's worth, coming from a University (read mostly Unix) environment,
I'm very familiar with trying to keep open systems safe.  The debates over how
much information to give out have been going on for *years* in the various
internet security newsgroups.  No resolution, yet.  :-)
 
I'm as curious as the next person, but I think HP did pretty well.  They let
us know that you had to be logged on to the system to get exploit the holes
and the provided a fix.
 
More information would probably be counter-productive.
 
I'd also have to say that, given the large number of system managers, anything
you tell them as a group might as well be published in the NY Times.  :-)
 
Chris
--
christopher michael, george s. may international, 708-825-8806 x 395