I read your recent report BlindElephant - BlackHatUSA2010 - Community.pdf
In the report you show that all Drupal versions below 6.16 are vulnerable (slide 36 shows this). In fact Drupal's standard is to support 2 major branches of code, currently those are 5.x and 6.x. Users on Drupal 5.22 or 6.16 or 6.17 are currently on the latest recommended release.
Can you clarify if this was an oversight in the report or whether you are claiming that there are critical vulnerabilities in Drupal 5.22?