WebApp Sec mailing list archives

Re: [WEB SECURITY] Re: Oracle in war of words with security researcher


From: Valkyrie <valkyrie () hacktek com>
Date: Fri, 27 Jan 2006 15:59:15 -0800

Is this truly a case of Oracle's people being terrible to deal with when it comes to security research and response, or is it more toward the corporate culture that may influence how quickly the organization responds to issues? I could contend the same thing for several enterprise software and security software/hardware vendors presently in the IT space. A culture of trusted advisory and responsiveness to end users just doesn't *seem* to be on the "Top 5 Initiatives" list. Again, my assertion goes back to failure to have received a logical response to the question, "How long is too long to fix your stuff?" Martin has highlighted some excellent points from what may be a vendor perspective; however, those points do not necessarily help resolve this issue.

Regards,
valkyrie

Byron Sonne wrote:

This isn't picking on Oracle, this is true for all vulnerabilities in
widely used publicly available products.


Oracle *should* be picked on though: they're terrible people to deal with when it comes to security research.

---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/




