I saw Mary Ann's interestingly titled post "Lies, Damn Lies, and Statistics
" and had a read. The interesting part for me was the short discussion of the genesis and development around the Oracle secure coding standards that currently sits at 300 pages and has driven training classes and more. Its unclear what languages this is for, mostly C and PL/SQL I would guess. As a lot of customers code customisations for Oracle Applications, APEX and the Forms and Reports products and also write their own applications with PL/SQL, OCI and Pro*C and more it would be good if these standards could be accessed and used by all customers. Afterall Mary Ann states in the post that third party aquisitions are brought into line with these standards. If these are the standards defined by the vendor we would all like to get to the same level and also help improve them for the benefit of all.