Oracle and Bug Hunters Clash Over Flaw Reports

December 11, 2006

[From Computerworld]

December 11, 2006 (Computerworld) -- The long-standing tension between software vendors and independent researchers who try to find security holes in products came into public view late last month, when Oracle Corp. criticized bug hunters after it came under fire for its security practices.

In a message posted Nov. 27 in a blog on Oracle’s Web site, Eric Maurice, manager of security in the company’s global technology business unit, said Oracle wouldn’t let external perceptions drive its software security policies. Maurice reiterated Oracle’s commitment to strong security practices but said it would continue to prioritize vulnerabilities based on their criticality and not on who had discovered them.

The article continues at http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=276275&taxonomyId=17&intsrc=kc_top