I work for an ISP and, believe me, we would rather fix this stuff before customers start ringing up than ignore it - the PHP thing for instance was fixed before anyone noticed. I think you will find that this is the case with most ISPs, after all it is machines on their network that are going to get r00ted, but of course with the larger players there may be some delay if they have thousands of machines to update ...

/J\