Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [ISN] Oracle fixes bugs with mega patch

from [InfoSec News] Network Security [Permanent Link]
Subject: Re: [ISN] Oracle fixes bugs with mega patch
Date: Mon, 24 Oct 2005 08:09:05 -0500 (CDT) 
Forwarded from: The Unknown Security Person...


Oracle has been criticized for dragging its heels on fixing security
flaws and being unresponsive to researchers who find bugs. Oracle's
Chief Security Officer, Mary Ann Davidson, in response said security
researchers can be a problem when it comes to product security.


How exactly? Oh yeah, they point out the flaws in the products.

Don't shoot the messenger here folks. Let's remember who created this
"unbreakable" (anyone remember those commercials?) software with
several hundred bugs patched per year (and who knows how many are
found and not yet patched. Yikes).

Can anyone imagine another database vendor doing such a bad job as
Oracle is? Last I heard DB2, PostgreSQL and MySQL and heck even MS-SQL
all have significantly happier customers and better security
experiences.

P.S. 60 bugs patched per quarter it seems on average, many of which
are months or years old, this means we can expect 60 more patches a
quarter for a LONG time from Oracle folks, unless of course those
pesky security researchers stop reporting flaws in which case we only
have 1-2 more years of 60 bugs fixed per quarter.

Ain't it great?



_________________________________________
InfoSec News v2.0 - Coming Soon! 
http://www.infosecnews.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [ISN] Linux Advisory Watch - October 21st 2005, InfoSec News
Next by Date:  RE: [ISN] Bruce Schneier talks cyber law, InfoSec News
Previous by Thread:  [ISN] Oracle fixes bugs with mega patch, InfoSec News
Next by Thread:  [ISN] Hacker loses name suppression, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]