According to www.enterprise-security-today.com, David Litchfield, founder of Next Generation Security Software, issued a damning attack on Oracle, claiming that the database software contains more than 34 security holes.
Litchfield had planned to talk about Oracle's vulnerabilities at the Black Hat Security Briefings held last week in Las Vegas, but he couldn't because the database company had not yet issued the patches to fix them. He moaned to the Wall Street Journal instead, and a somewhat sheepish Oracle replied that it was trying to fix the holes.
However, Litchfield seems to have hit a raw nerve among Oracle users, who are concerned not so much that the database has more holes than Blackburn, Lancashire, as that Oracle patches them considerably more slowly than a cash-strapped town council.
To make matters worse, Litchfield claimed the patches have actually been built but Oracle was just sitting on them. Perhaps to make sure they hatch properly. The full yarn is here.