Whose X do I need to X to get on CERT?

["Jonathan G. Lampe" <jonathan () stdnet com>]

My company makes a product ("UniGate") which among other things is an SNMP 
agent.  When CERT's recent SNMP advisory came out 
(http://www.cert.org/advisories/CA-2002-03.html), we reacted I  think like 
any other responsible vendor should.  I grabbed the various test suites 
available and threw them against undefended internal test boxes while the 
engineering staff consulted the source code.  It  took us two full days to 
get a handle on things, but by February 14th we had an advisory statement 
for  our customers.  I mailed CERT a copy (you can see the text of the 
message 
here:  http://www.stdnet.com/support/?category_number=3&subcategory_number=1 )

On its major advisories CERT advertises a "Vendor Information" section with 
"details from vendors who  have provided feedback for this advisory."  I 
see the online doc has been updated several times a day  since the advisory 
came out (18 times since I sent my first email), but after 4 emails and 2 
phone calls I'm still waiting for anything other than  an automated response.

Has anyone else (particularly vendors) ever had problems getting CERT to 
post stuff, or even  acknowledge your presence?  Is there an invisible 
"pay-to-play" thing going on here which has escaped  my notice?  Am I 
talking to the wrong people?  Anyone?  Buehler?

TIA, Jonathan Lampe, GCIA, GSNA, etc.

P.S.  Here's where I sent copies of the letter (give it another shot every 
2 days or so...):
cert () cert org  SUBJ: VU#617947
cert () cert org  SUBJ: CA-2002-03 Feedback VU#617947
cert () cert org  SUBJ: Yet Another Vendor entry for CA-2002-03

Number Called:
412-268-7090  (Feb 15 and Feb 18)

(On a Friday phone calls, the guy ack'ed receipt of at least one of the 
email messages - said "call back on Monday".)