July 27th, 2005
I just saw that Mary Ann Davidson - Oracle's Chief Security Officer - has written a news article for news.com titled http://news.com.com/When+security+researchers+become+the+problem/2010-1071_3-5807074.html - (broken link) When security researchers become the problem. This is a very interesting article and is quite clearly a rebut against recent challenges to Oracle to fix bugs more quickly by releasing advisories for unfixed bugs. This is a good article where Mary Ann tries to defend her position whilst attacking the position of those who have released details of exploits. It is also interesting that she tries to justify Oracles timescales which is fair enough - her argument is good but she doesn't actually explain why it takes 2 years to fix bugs.
The article doesn't mention the recent problems with the April CPU and subsequent problems with the fixes to the April CPU or the issues raised by Cesar on the July CPU. It also doesn't say when the outstanding lists of bugs on the likes of Alex, David Litchfields and Argeniss's sites will be fixed, a lot of which were reported more than one year ago.
The article has a link at the bottom where it is possible to leave a comment for Mary Ann.