We disclosed this to Oracle on Oct. 25 last year. Around the same time, they were alerted to another high-risk flaw that is not as serious as this one. They fixed that one in the January CPU but neglected to fix this. It's not a case of not having enough time, because the fix is trivial and the risks are severe. - David Litchfield







This quote is one of 9 David Litchfield quotes in our collection. Other quotes from David Litchfield include the following.

SQL injection is probably today's biggest security issue. This problem has been known about for years, but seven out of ten Web applications are still vulnerable. I find it extremely frustrating.

David Litchfield

On November 7 NGS alerted NISCC to the problem. It was hoped that due to the severity of the problem that Oracle would release a fix or a workaround for this in the January 2006 Critical Patch Update. They failed to do so.

David Litchfield

Oracle still has not released an official patch, so it is still leaving its customers at risk. It is a trivial thing to fix. If the company is still working on it, I do not understand why.

David Litchfield

I don't think leaving their customers vulnerable for another 3 months (or perhaps even longer) until the next CPU [Critical Patch Update] is reasonable especially when this bug is so easy to fix and easy to workaround. Again, I urge all Oracle customers to get on the phone to Oracle and demand the respect you paid for.

David Litchfield