Argeniss Information Security has announced on their website that they plan to release one zero-day Oracle bug per day for a whole week in December. Their reasoning was that "We have 0days for all Database software vendors but Oracle is "The #1 Star" when talking about lots of unpatched vulnerabilities and not caring about security."
Now I don't agree with Argeniss, as I see Oracle being serious about fixing their security flaws and also committed to training their developers to write secure code. Argeniss' actions are irresponsible and actually put Oracle's customers at risk. Argeniss has nothing to be "proud" of; you have to remember that this is a company that is willing to sell its zero-day exploits for $2,500.
I don't know what dealings Argeniss or Cesar Cerrudo have had with Oracle, but this is definitely not the right way to approach the security issues in Oracle software. A lot of organizations will not be able to do anything to fix these flaws, and their only option is to configure their firewall defenses so that only authorized and legitimate traffic is passed through, if that is even possible or doable. In the meantime, I can only wait to see what kind of information Argeniss will release and assess whether there is enough information (directly or indirectly) to enable a hacker to build an exploit.
I wonder whether, if it is shown that a hacker was able to break in through the Oracle software because Argeniss disclosed crucial information about the exploit the hacker used, the affected organizations could seek damages and compensation from Argeniss. Maybe something for the legal minds out there to ponder.