November 29, 2006 2:39 PM PST

Week of Oracle bugs axed--for now?

by Joris Evers

The bug hunters at Argeniss have put their plans for a "Week of Oracle Database Bugs" on ice.

Due to "many problems" the initiative has been "suspended," according to a posting on the Argeniss Web site. The company provides no additional details.

The researchers had planned to disclose a zero-day vulnerability in Oracle's database software every day during a week in December. The initiative was meant to show that Oracle is failing when it comes to product security.

Some database security experts had blasted the idea.

"It will just make life more difficult for many hard working DBA's and security managers," Pete Finnigan, an Oracle security specialist in York, England, wrote on his blog. "Oracle are getting better at fixing bugs, give them a chance and don't make further unnecessary risks to customers."

Oracle has been facing increased heat recently from security researchers, in particular from David Litchfield, a British security researcher who constantly has Oracle in his crosshairs.

Last week Litchfield published a pair of papers, one highlighting what he called a new class of attacks on Oracle databases as the result of "dangling cursors" left by developers (see PDF) and another that compared Oracle and Microsoft database security (see PDF).

"The conclusion is clear--if security robustness and a high degree of assurance are concerns when looking to purchase database server software...one should not be looking at Oracle as a serious contender," Litchfield concluded in his second paper.

Oracle responded on its product security blog on Monday. "One of Oracle's highest priorities is the security of our customers," company representative Eric Maurice wrote.

But, he wrote, "because software engineering is a complex discipline, the absence of security flaws in released software cannot be fully guaranteed."
