WebApp Sec mailing list archives
Re: [WEB SECURITY] Re: Oracle in war of words with security researcher
From: Valkyrie <valkyrie () hacktek com>
Date: Fri, 27 Jan 2006 15:59:15 -0800
Is this truly a case of Oracle's people being terrible to deal with when it comes to security research and response, or is it more toward the corporate culture that may influence how quickly the organization responds to issues? I could contend the same thing for several enterprise software and security software/hardware vendors presently in the IT space. A culture of trusted advisory and responsiveness to end users just doesn't *seem* to be on the "Top 5 Initiatives" list. Again, my assertion goes back to failure to have received a logical response to the question, "How long is too long to fix your stuff?" Martin has highlighted some excellent points from what may be a vendor perspective, however, those points do not necessarily help resolve this issue.
Regards, valkyrie Byron Sonne wrote:
This isn't picking on Oracle, this is true for all vulnerabilities in widely used publicly available products.Oracle *should* be picked on though: they're terrible people to deal with when it comes to security research.--------------------------------------------------------------------- The Web Security Mailing List http://www.webappsec.org/lists/websecurity/ The Web Security Mailing List Archives http://www.webappsec.org/lists/websecurity/archive/
------------------------------------------------------------------------- This List Sponsored by: WatchfireWatchfire's AppScan is the industry's first and leading web application security testing suite, and the only solution to provide comprehensive remediation tasks at every level of the application. See for yourself. Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh --------------------------------------------------------------------------
Current thread:
- Oracle in war of words with security researcher bugtraq (Jan 26)
- Re: Oracle in war of words with security researcher robert (Jan 27)
- Re: Oracle in war of words with security researcher Byron Sonne (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher tlmacgi (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Valkyrie (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Andrew van der Stock (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Paul Schmehl (Jan 27)
- Re: Oracle in war of words with security researcher Byron Sonne (Jan 27)
- Re: Oracle in war of words with security researcher robert (Jan 27)