WebApp Sec mailing list archives
Re: Oracle in war of words with security researcher
From: robert () dyadsecurity com
Date: Thu, 26 Jan 2006 19:52:23 -0800
bugtraq () cgisecurity net(bugtraq () cgisecurity net)@Thu, Jan 26, 2006 at 12:48:18PM -0500:
> I'm all for giving plenty of time to fix a flaw, but 650-800 days is a little crazy....
The worst part is very few customers were even allowed to be aware of the exposed problem for that time. It's one thing to take a long time to develop a patch; it's quite another to withhold critical security information from people who could at least make better policy decisions with the vulnerability information sans patch.

I think it's in the end users' best interest to get the vulnerability information directly from those discovering the problems in a timely manner, rather than wait until a patch is available from the vendor. This isn't picking on Oracle, this is true for all vulnerabilities in widely used publicly available products.

Robert

--
Robert E. Lee
CIO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
Current thread:
- Oracle in war of words with security researcher bugtraq (Jan 26)
- Re: Oracle in war of words with security researcher robert (Jan 27)
- Re: Oracle in war of words with security researcher Byron Sonne (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher tlmacgi (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Valkyrie (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Andrew van der Stock (Jan 27)
- Re: [WEB SECURITY] Re: Oracle in war of words with security researcher Paul Schmehl (Jan 27)
- Re: Oracle in war of words with security researcher Byron Sonne (Jan 27)
- Re: Oracle in war of words with security researcher robert (Jan 27)