A researcher canceled on Tuesday his stated plans to release a serious security vulnerability in Oracle's database every day for a week.
Dubbed the Week of Oracle Database Bugs, the initiative would have mimicked two other recent projects the focused on disclosing daily software flaws: The Month of Browser Bugs and the Month of Kernel Bugs. The project--which was the brainchild of Cesar Cerrudo, the founder and CEO of Argeniss Information Security--would have been the first bug-a-day initiative to focus exclusively on one software maker.
"We would like to ask for apologizes [sic] to people who supported this and were really excited with the idea; also we would like to thank the people who contributed with Oracle vulnerabilities," Cerrudo said in a statement posted to the Argeniss Web site.
Cerrudo, when contacted by SecurityFocus, would not elaborate on the reasons for canceling the project.
The bug-a-day projects are a mark of researchers' discontent with software makers' handling of security issues. Oracle's security policies, in particular, have often been criticized. Two security firms that focus on database security--Red Database and Next-Generation Security Software--have both taken Oracle to task for the amount of time the company takes to fix software issues.
Cerrudo had originally stated that he targeted Oracle because he believes the company has not improved its handling of security issues.
Posted by: Robert Lemos