"o - Why is it that certain researchers (for instance Alex Kornbrust and Esteban Martínez Fayó - there are others) have lists in total of over 100 unfixed security bugs on their web sites - some of which were reported 21 months ago, also some of which are high risk to customers. Why does it take Oracle so long to fix security bugs.
o - Does she plan to release more helpful information with each quarterly patch scheduled release such as information to help customers decide whether they are at risk if they do not patch quickly. This could include detailed lists of which products are vulnerable - I.e. for CPU April 2005 - and you run version 8.1.7 you should patch only if you run OID and Oracle HTTP Server."
It will be interesting to see if she managed to do the interview and also what he answers might be.