Friday, October 07, 2005

Interesting Opinion (Open Letter) from D. Litchfield

Bugtraq has a posting by David Litchfield on the sad state of (non)security in the Oracle software suite. Cesar Cerrudo of Argeniss also added his voice to David's opinion.

What worries me is Cesar's "threat" to release 0day exploits to force Oracle to take a serious approach to fixing the flaws that have been identified. Many of which are supposely "fixed" by the various CPU patches and Alert 68. I sure hope that it does not come to that and I look forward to Mary-Ann Davidson's response of their strategy to fix the flaws (now and future).

No comments: