[Previous entry: "OUG Scotland"] [Next entry: "Link to David Litchfields original post"]
David Litchfield writes an open letter to the security community and Oracle customers
October 6th, 2005 by Pete
Post to del.icio.us
Post to Furl
I have just seen a post to the BugTraq mailing list at Security Focus written by David Litchfield and replied to by Cesar Cerrudo. The post is titled "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers". Scroll down and read David’s original post first before you read Cesar's comments. This is eye opening for Oracle customers and very interesting reading. David lists issue after issue that was reported years ago in some cases that are still not fixed correctly. He reports bugs not fixed by actually getting rid of the root problem but taping over the hole so to speak. He also talks about bug’s fixed and similar holes a few lines down from the fix having exactly the same issue.
David is calling for Oracle customers to contact Oracle and demand a better security service and those customers should demand fixes. Cesars comments mirror those of David with some comparisons to Microsoft a few years ago and he also threatens to release a 0day remote exploit.
