Security Researcher Says Oracle Slow to Fix Flaw

Billosaur writes "A report by Robert Lemos of SecurityFocus in The Register states that Oracle is being criticized by David Litchfield of Next-Generation Security Software for failing to rapidly patch a known flaw in its database software. Litchfield had made Oracle aware of the flaw last October and is now taking them to task for their slow response to the exploit. Oracle, in turn, has attacked Litchfield: 'We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available... What David Litchfield has done is put our customers at risk.'"

Re:A Cultural Thing?

[JordanL]

Honestly we can't blame this tactic on Microsoft, though they have been highly visible in this regard, due to their high volume of security flaws. It's almost as bad as a bunch of automaker executives running away from a flaming car and blaming it on Ralph Nader.

I'm pretty sure that metaphore is bad enough to make baby Jesus cry. I have absolutely no clue how a software company taking longer than 3 months to patch code that could have tens of millions of lines is like automakers blaming a car explosion on ralph nader because he's al queda....

I understand that you want to try and make everything a political argument about how much America and/or Bush and/or Republicans and/or the intelligence community and/or Congress sucks, but seriously... a software patch?

Re:A Cultural Thing?

[PacketScan]

"Oracle borrowing from the Microsoft Security-Fixing Playbook?" I'd say they stole it.

Re:A Cultural Thing?

[corbettw]

Remember when american made goods were the best in the world?

I'm only 34, so, no.