Information Security News
mailing list archives
Re: Oracle fixes bugs with mega patch
From: InfoSec News <isn () c4i org>
Date: Mon, 24 Oct 2005 08:09:05 -0500 (CDT)
Forwarded from: The Unknown Security Person...
Oracle has been criticized for dragging its heels on fixing security
flaws and being unresponsive to researchers who find bugs. Oracle's
Chief Security Officer, Mary Ann Davidson, in response said security
researchers can be a problem when it comes to product security.
How exactly? Oh yeah, they point out the flaws in the products.
Don't shoot the messenger here folks. Let's remember who created this
"unbreakable" (anyone remember those commercials?) software with
several hundred bugs patched per year (and who knows how many are
found and not yet patched. Yikes).
Can anyone imagine another database vendor doing such a bad job as
Oracle is? Last I heard DB2, PostgreSQL and MySQL and heck even MS-SQL
all have significantly happier customers and better security
P.S. 60 bugs patched per quarter it seems on average, many of which
are months or years old, this means we can expect 60 more patches a
quarter for a LONG time from Oracle folks, unless of course those
pesky security researchers stop reporting flaws in which case we only
have 1-2 more years of 60 bugs fixed per quarter.
Ain't it great?
InfoSec News v2.0 - Coming Soon!