Slashdot Mirror


Security Researcher Says Oracle Slow to Fix Flaw

Billosaur writes "A report by Robert Lemos of SecurityFocus in The Register states that Oracle is being criticized by David Litchfield of Next-Generation Security Software for failing to rapidly patch a known flaw in its database software. Litchfield had made Oracle aware of the flaw last October and is now taking them to task for their slow response to the exploit. Oracle, in turn, has attacked Litchfield: 'We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available... What David Litchfield has done is put our customers at risk.'"

1 of 91 comments

  1. Blame it on the messenger, again by digitaldc · Score: 0, Flamebait

    Duncan Harris, senior director of security assurance for Oracle, said in an interview with SecurityFocus.
    "What David Litchfield has done is put our customers at risk."


    This is the same argument that the Bush Administration used when the NYTimes published their story about how Bush & Co. are conducting domestic spying operations in the US.
    Bush & Co. said this story should not have been published because it makes us less safe.

    So instead of acknowledging your shortcomings or wrongdoing, you blame the messenger. This is not very fair in my opinion.
    Why doesn't Oracle just acknowledge the problem and then fix it?

    --
    He who knows best knows how little he knows. - Thomas Jefferson