Oracle threatens researcher?
The much-talked-about Week of Oracle Database bugs just came to a grinding halt. If you ask me this reeks of Oracle using their financial muscle to sic some lawyers on the computer security researcher. Of that I can’t be sure of course, but it certainly seems to be the case.

That raises another question for me. In litigation-happy America, not one company has yet sued Oracle, Microsoft, or other software companies for their, some would say criminal, attitude in patching their software once a researcher has found a problem with it. If I discovered that my company got hacked with 0-day code that the company knew about, you can bet I would seriously consider suing that company for damages. That companies should take months, and others years, to patch critical holes in their software to me is simply insane. No one likes government sticking their nose where it doesn’t belong, but this is a case where government should step in, and perhaps lay down some legislation to force companies to patch quicker. The flip side to that would also be that companies would likely then spend more time in QA before taking a product to market. Either way, it would be win/win for the consumer.