Security Researcher Says Oracle Slow to Fix Flaw
Billosaur writes "A report by Robert Lemos of SecurityFocus in The Register states that Oracle is being criticized by David Litchfield of Next-Generation Security Software for failing to rapidly patch a known flaw in its database software. Litchfield had made Oracle aware of the flaw last October and is now taking them to task for their slow response to the exploit. Oracle, in turn, has attacked Litchfield: 'We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available... What David Litchfield has done is put our customers at risk.'"
We are always disappointed when software companies force us to publish details of vulnerabilities before making a fix available.
As bad as it is to publish unpatched vulnerabilities, it's worse if a company chooses to ignore security altogether. Ignoring security and suppressing vulnerability reports demands that vulnerabilities be published. People generally won't publish vulnerabilities if they see that the company is taking them seriously.