Forwarded from: security curmudgeon <jericho@private> : In the past, Oracle has been criticized for its lackadaisical approach : to addressing critical security flaws. At the Black Hat security : conference in Las Vegas last year, NGS Software pushed the envelope by : releasing details on more than two dozen security holes in Oracle : products that had not been fixed. : : At the time, NGS Software said Oracle was aware of the vulnerabilities - : some of them critical - for several months. Several months? From this round of patches.. http://www.red-database-security.com/content6.html History: 03 April 2003 Oracle was informed 18 April 2003 Bug confirmed 18 Januar 2005 Oracle published alert 69 Just under two years for this issue? http://archives.cnn.com/2002/TECH/industry/01/21/oracle.unbreakable.idg/ Oracle Corp. Chairman and Chief Executive Officer Larry Ellison said Thursday that Oracle software remains unbreakable and mocked a memo sent this week by arch rival Bill Gates stressing to Microsoft Corp.'s employees the importance of security in the company's products. http://www.osvdb.org/searchdb.php?action=search_title&vuln_title=oracle&Search=Search "Microsoft isn't good at security. We're good at that.." -- Larry Ellison _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Jan 21 2005 - 01:23:15 PST