I wholeheartedly agree, the 'dragnet' methodology is already documented and well-known and that should factor into your security assessments.