Oracle and Bug Hunters Clash Over Flaw Reports
December 11, 2006 [From Computerworld]
December 11, 2006 (Computerworld) -- The long-standing tension between software vendors and independent researchers who try to find security holes in products came into public view late last month, when Oracle Corp. criticized bug hunters after it came under fire for its security practices.
In a message posted Nov. 27 in a blog on Oracle's Web site, Eric Maurice, manager of security in the company's global technology business unit, said Oracle wouldn't let external perceptions drive its software security policies. Maurice reiterated Oracle's commitment to strong security practices but said it would continue to prioritize vulnerabilities based on their criticality and not on who had discovered them.