As many of you very well know, Oracle released its Jan2006 CPU on Jan 17th and almost immediately after, Alex of Red Database Security released details of exploits of 5 of the bugs fixed in the latest patch plus Impreva also released details of another exploit of a bug fixed in the patch.
Okay, it's fine to release the exploits in get credit or whatever knowledgement but come on, we (Oracle customers) are in a bind as now we have to get the patches applied as quickly as possible and hope that we are not exposed while trying to apply the patch to all the databases within our organization. This is damm irresponsible of Alex and Impreva! Impreva can forget about getting any business from my organization now and in future. We are essentially put in a position of being at risk if we don't apply the patch sooner or at the risk of something else breaking by applying the patch without fullly testing to ensure that existing critical applications still works.