This is a review of the security-related aspects of draft-oreirdan-mody-bot-remediation, primarily for the benefit of the Security ADs and the authors of draft-oreirdan-mody-bot-remediation.

The document is a set of recommendations to ISPs on how to deal with customer computers that have been botted. It is informational in nature, and (wisely) avoids any 2119ish language. Topics covered include determining which customers might be infected, communicating with the customers, and remediation.

In other words, the entire document covers security-related topics. Fortunately, it does so in a very clear fashion throughout. Suggestions for actions that an ISP might take are often accompanied with warnings and discussion of the security aspects of those actions. The Security Considerations section, while short, emphasizes the need for the reader to read carefully, particularly the section on the security aspects of sending mail to potentially-infected customers.

One editorial comment: the first sentence of the abstract has a superfluous comma that imbues unintended humorous semantics:

   This document contains recommendations on how Internet Service Providers can manage the effects of computers used by their subscribers, which have been infected with malicious bots, via various remediation techniques.

It is unlikely that subscribers themselves have been infected with malicious bots. A better wording might be:

   This document contains recommendations on how Internet Service Providers can use various remediation techniques to manage the effects of malicious bots on their subscribers' computers.

--Paul Hoffman