The Inquirer-Home

Oracle database lacks security

Has holes and sits on patches
Thu Aug 05 2004, 08:50
DATABASE GIANT Oracle was blasted by a British security expert for its poor performance on security.

According to, David Litchfield, founder of Next Generation Security Software issued a damning attack on Oracle claiming that the database software contains more than 34 security holes.

Litchfield had planned to talk about Oracle's vulnerabilities at the Black Hat Security Briefings held last week in Las Vegas, but he couldn't because the database company had not yet issued the patches to fix them. He moaned to the Wall Street Journal instead, and a somewhat sheepish Oracle replied that it was trying to fix the holes.

However Litchfield seems to have hit a raw nerve among Oracle users who are not so concerned that the database has more holes than Blackburn Lancashire, but the fact that it patches them considerably slower than a cash strapped town council.

To make matters worse, Litchfield claimed the patches have actually been built but Oracle was just sitting on them. Perhaps to make sure they hatch properly. The full yarn is here. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015