Well it seems to me that Oracle threatened Cesar with legal action should he continue, hence his shutting down the project. Nothing else makes ense. I think it is about time that the government step in and mandate disclosure of bugs by vendors once they are notified of them, and furthermore, mandate a fix time. The insane times that some vendors take to fix problems is simply ludicrous. The old bull$hit of "regression testing" only goes so far. Were I an American company who was rooted via some 0 day that Oracle knew about, but did not fix within a reaonable time-frame, I would be suing their a$$ in court for damages. Oracle might sit up and take notice if they were successfully litigated for millions. Perhaps Mark Rasch may have a word or two to say on the matter.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/371/1558#1558