Forwarded from: security curmudgeon <jericho (at) attrition.org>
: http://www.theregister.co.uk/2006/11/24/week_of_oracle_bugs/
:
: By John Leyden
: 24th November 2006
:
: Security researchers irked at Oracle's tardiness at releasing patches
: for security bugs plan to name a different vulnerability in Oracle's
: enterprise software every day for a week in December.
http://osvdb.org/blog/?p=149
Weak of Oracle Bugs
No, not a typo. A couple weeks back, Argeniss was proud to announce that
we are starting on December the Week of Oracle Database Bugs (WoODB). A
couple days ago they abruptly called off the WoODB with the following
message:
We are sad to announce that due to many problems the Week of Oracle
Database Bugs gets suspended.
We would like to ask for apologizes to people who supported this and
were really excited with the idea, also we would like to thank the
people who contributed with Oracle vulnerabilities.
Its hard to ignore the obvious possibility (especially with so many other
people saying the same) that they solicited the community to support their
effort by submitting unpublished Oracle vulnerabilities, then arbitrarily
shut the effort down while keeping all the information and not sharing it
as stated. Argeniss, why not give us the full story? Were you threatened
by Oracle? Drastic change of ethical stance? Pure greed when you realized
the value of a hundred contributions?
_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Wed Nov 29 2006 - 23:17:33 PST