Oracle's Chief Security Officer Speaks Out

s0u1d13r writes "ZDNet Australia posted a special article from Oracle's CSO regarding the treatment and publishing of exploits and vulnerabilities by security researchers. From the article: 'There's a myth about security researchers that goes like this: Vendors are made up of indifferent slugs who wouldn't fix security vulnerabilities quickly -- if at all -- if it weren't for noble security researchers using the threat of public disclosure to force them to act.' An interesting read from the perspective of one of the largest software vendors accused of ignoring vulnerabilities by software researchers."

they misspelled "truth"

[Saven+Marek]

"There's a truth about security researchers that goes like this: Vendors are made up of indifferent slugs who wouldn't fix security vulnerabilities quickly -- if at all -- if it weren't for noble security researchers using the threat of public disclosure to force them to act."

What a lying bitch

[(negative+video)]

In reality, when a researcher puts customers at risk by releasing exploit code for a vulnerability before the vendor has had a chance to fix it, it's ridiculous to expect the vendor to say, "Thank you for putting our customers at risk."

You are the ones who intentionally designed in the flaw, and you are the ones who deliberately defrauded your customers by falsely warranting the product as "Unbreakable". If this was securities and not software, the SEC would have tossed you in a Federal-pound-me-in-the-ass prison.

"Oh, but we're innocent, somebody framed us!" Tell it to the hand 'cause the face ain't listening.