tag:blogger.com,1999:blog-13265058.post113928692068813979..comments2023-10-28T23:33:56.980+11:00Comments on Sydney Oracle Lab: Oracle security interview - thoughtsSydOraclehttp://www.blogger.com/profile/08828771074492585943noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-13265058.post-1140125297022281092006-02-17T08:28:00.000+11:002006-02-17T08:28:00.000+11:00I agree. I'd add that I think the details they sup...I agree. I'd add that I think the details they supply in their CPU are more targetted at 'what they've fixed, and so what you need to test' than letting you know what the fixed vulnerabilty actually was.<BR/><BR/>I felt the Oracle representative interviewed overly critical of security reasearchers who don't abide by Oracle's policies. I think there's room for professional disagreement. Sometimes Oracle will be right, sometimes the security reasearchers will be right.SydOraclehttps://www.blogger.com/profile/08828771074492585943noreply@blogger.comtag:blogger.com,1999:blog-13265058.post-1139422405352673142006-02-09T05:13:00.000+11:002006-02-09T05:13:00.000+11:00Gary,I think Oracle meant that even though their e...Gary,<BR/>I think Oracle meant that even though their employees discovered security bugs/flaws, they are still disclosed in the CPU along with the fixes.<BR/><BR/>It's a slippery slope as a fix if not fully tested could break a lot of things.Peter Khttps://www.blogger.com/profile/14068944101291927006noreply@blogger.com