Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers

To: David Litchfield <davidl@xxxxxxxxxxxxxxx>
Subject: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
From: Gadi Evron <ge@xxxxxxxxxxxx>
Date: Fri, 07 Oct 2005 19:38:39 +0200
Cc: bugtraq@xxxxxxxxxxxxxxxxx, ntbugtraq@xxxxxxxxxxxxxxxxxxxxxx
In-reply-to: <01cf01c4f408$fa7fc610$0100a8c0@xxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <01cf01c4f408$fa7fc610$0100a8c0@xxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)

Not that I disagree with your sentiment or what you are saying, we allknow about the lacking security practices, secure development practicesand decent security response by *many* vendors.


Some of these vendors critical to the infrastructure far more than Oracle.

With all due respect to your wishes and intent, a research on differentvendors, showing what vendor responds to threats, after how long and howeffectively plus how many security issues appear with each would havemade sense to me. Showing the Good and thus flushing the Bad withoutdissing anyone. Pure facts.Attacking one vendor may make sense in some cases.. yes, again,attacking one vendor in public in *this* *fashion* may be long over-due,but it also seems to me to be rather.. in poor taste? Especially comingout of the blue with no past public statements.

I sympathize with your concerns and I am known to be FAR from a personwho doesn't voice his opinions - and loudly, but it only makes me wonderwhy now, why them and why here.

Now, I am not an Oracle advocate - far from it, but your subject linesays it all, and makes me look-down on your post automatically, which isa shame:"Complete failure of Oracle security response and utter neglect of theirresponsibility to their customers"

Complete? Failure? Utter neglect? You better have some liabilitycoverage. Adding "opinion" there might not be good enough, right or wrong.


Thanks for your time,

        Gadi Evron.

--
My blog: http://blogs.securiteam.com/?author=6

"The third principle of sentient life is the capacity for self-sacrifice--- the conscious ability to override evolution and self-preservationfor a cause, a friend, a loved one."

        -- Draal, "A Voice in the Wilderness", Babylon 5.

Follow-Ups:
- Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
  - From: David Litchfield

References:
- Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
  - From: David Litchfield

Prev by Date: MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability
Next by Date: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Previous by thread: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Next by thread: Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Index(es):
- Date
- Thread