Bugtraq mailing list archives

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers


From: Gadi Evron <ge () linuxbox org>
Date: Fri, 07 Oct 2005 19:38:39 +0200

Not that I disagree with your sentiment or what you are saying, we all know about the lacking security practices, secure development practices and decent security response by *many* vendors.

Some of these vendors are critical to the infrastructure far more than Oracle.

With all due respect to your wishes and intent, a research on different vendors, showing what vendor responds to threats, after how long and how effectively plus how many security issues appear with each would have made sense to me. Showing the Good and thus flushing the Bad without dissing anyone. Pure facts. Attacking one vendor may make sense in some cases.. yes, again, attacking one vendor in public in *this* *fashion* may be long overdue, but it also seems to me to be rather.. in poor taste? Especially coming out of the blue with no past public statements.

I sympathize with your concerns and I am known to be FAR from a person who doesn't voice his opinions - and loudly, but it only makes me wonder why now, why them and why here.

Now, I am not an Oracle advocate - far from it, but your subject line says it all, and makes me look down on your post automatically, which is a shame: "Complete failure of Oracle security response and utter neglect of their responsibility to their customers"

Complete? Failure? Utter neglect? You better have some liability coverage. Adding "opinion" there might not be good enough, right or wrong.

Thanks for your time,

        Gadi Evron.

--
My blog: http://blogs.securiteam.com/?author=6

"The third principle of sentient life is the capacity for self-sacrifice --- the conscious ability to override evolution and self-preservation for a cause, a friend, a loved one."
        -- Draal, "A Voice in the Wilderness", Babylon 5.

