WebApp Sec mailing list archives

Oracle in war of words with security researcher

From: bugtraq () cgisecurity net
Date: Thu, 26 Jan 2006 12:48:18 -0500 (EST)

This was linked off of slashdot.

http://www.theregister.co.uk/2006/01/26/security_researcher_versus_oracle/

"Oracle has taken a significant amount of criticism for its handling of software security issues. 
Last week, the database giant released a critical patch update (CPU) that fixed at least 82 flaws. 
Two of the flaws apparently took more than 800 days to fix. That's nothing new - last year, 
researchers took the company to task for taking more than 650 days to publish a fix for a 
security issue."

I'm all for giving plenty of time to fix a flaw, but 650-800 days is a little crazy....

- z
http://www.cgisecurity.com/ Website Security News and More!
http://www.cgisecurity.com/index.rss [RSS Feed]

-------------------------------------------------------------------------
This List Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application 
security testing suite, and the only solution to provide comprehensive 
remediation tasks at every level of the application. See for yourself. 
Download AppScan 6.0 today.

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------

Current thread:

Oracle in war of words with security researcher bugtraq (Jan 26)
- Re: Oracle in war of words with security researcher robert (Jan 27)
  - Re: Oracle in war of words with security researcher Byron Sonne (Jan 27)
    - Re: [WEB SECURITY] Re: Oracle in war of words with security researcher tlmacgi (Jan 27)
    - Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Valkyrie (Jan 27)
    - Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Andrew van der Stock (Jan 27)
    - Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Paul Schmehl (Jan 27)