Re: DBAs brace for week of Oracle bugs

[InfoSec News <alerts () infosecnews org>]

Forwarded from: security curmudgeon <jericho (at) attrition.org>

: http://www.theregister.co.uk/2006/11/24/week_of_oracle_bugs/
: 
: By John Leyden
: 24th November 2006
: 
: Security researchers irked at Oracle's tardiness at releasing patches 
: for security bugs plan to name a different vulnerability in Oracle's 
: enterprise software every day for a week in December.

http://osvdb.org/blog/?p=149

Weak of Oracle Bugs

No, not a typo. A couple weeks back, Argeniss was proud to announce that 
we are starting on December the Week of Oracle Database Bugs (WoODB). A 
couple days ago they abruptly called off the WoODB with the following 
message:

    We are sad to announce that due to many problems the Week of Oracle 
    Database Bugs gets suspended.

    We would like to ask for apologizes to people who supported this and 
    were really excited with the idea, also we would like to thank the 
    people who contributed with Oracle vulnerabilities.

Its hard to ignore the obvious possibility (especially with so many other 
people saying the same) that they solicited the community to support their 
effort by submitting unpublished Oracle vulnerabilities, then arbitrarily 
shut the effort down while keeping all the information and not sharing it 
as stated. Argeniss, why not give us the full story? Were you threatened 
by Oracle? Drastic change of ethical stance? Pure greed when you realized 
the value of a hundred contributions?


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn