Oracle patches three-dozen flaws
Published: 2006-04-19

Oracle shored up 36 security holes on Tuesday, including a vulnerability revealed by a British security researcher in January during a presentation critical of the pace at which the company patches.

The Critical Patch Update (CPU) secures 15 issues in Oracle's E-Business Suite and Applications software, 14 security holes in its database software, five flaws in the company's Collaboration Suite and a single vulnerability in the company's Application Server. The company's three Enterprise Manager software packages each had two security holes plugged by the patch.

A set of security vulnerabilities found by Next-Generation Security Software, and presented at a security conference in January, affected four of the Oracle applications. At the time, NGSSoftware researcher David Litchfield took Oracle to task for not fixing the issue in the last CPU released in January. The public outing of the flaws set off a war of words between the two companies.

The release of the fix for the issues marks the latest maneuver in the pitched battle between security researchers and software makers. Earlier this month at the CanSecWest Security Conference, researchers and security companies defended the sale of vulnerability information amidst criticism from the software industry. At the Black Hat Security Briefings in Las Vegas last summer, networking giant Cisco and network protection firm Internet Security Systems filed suit against a security researcher for disclosing methods to run code on Cisco's networking hardware.

Oracle has taken a significant amount of criticism for its handling of software security issues. The company's January CPU consisted of fixes for 82 flaws, two of which took more than 800 days to fix. Last year, researchers took the company to task for taking more than 650 days to publish a fix for a security issue.



Posted by: Robert Lemos
Copyright 2008, SecurityFocus