[WEB SECURITY] Oracle in war of words with security researcher
Martin O'Neal
martin.oneal at corsaire.com
Fri Jan 27 12:25:40 EST 2006
> Yet Oracle wants to ignore issues for almost two years or more?
> (All please don't tell me they need that much development time
> to find and fix the flaw.)
Objectively, if everyone already knew that Oracle has been slow to get
things patched, then where is the benefit in making the information
public? Unless Oracle have found a way to defy the laws of economics,
they will have a finite number of developers. If they now have to
reassign some developers to resolve these issues because they have had
their hand forced, then something else won't be happening; other patches
or new feature development. Either of these may be even *more*
important to their customers; however, Oracle no longer have the choice.
Rather than prioritising the work based on what may actually be best for
their customers, they are now fighting fires dictated by someone without
any vested interest in getting it right. You think this is in your best
interest as a customer?
Martin...
---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/
The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/