Slashdot Mirror


Security Researcher Says Oracle Slow to Fix Flaw

Billosaur writes "A report by Robert Lemos of SecurityFocus in The Register states that Oracle is being criticized by David Litchfield of Next-Generation Security Software for failing to rapidly patch a known flaw in its database software. Litchfield had made Oracle aware of the flaw last October and is now taking them to task for their slow response to the exploit. Oracle, in turn, has attacked Litchfield: 'We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available... What David Litchfield has done is put our customers at risk.'"

1 of 91 comments

  1. It's the other way around.. by deep44 · Score: 5, Insightful
    "We are always disappointed when researchers feel the need to publish details of vulnerabilities before a fix is available..."
    We (consumers) are always disappointed when vendors postpone a patch for a critical vulnerability to the point where a researcher must release the details of said vulnerability in order to motivate the vendor.