Zero-day details underscore criticism of Oracle
An article about the slowness with which Oracle is patching its software. Given that many companies will be using Oracle software to store a lot of their critical information, it's quite worrying that Oracle can take over 2 years to deploy a fix for a bug.
We've seen, with the current worm/botnet problems, a trend for security exploits to be part of professional criminal activities. So I wonder what the likelihood is that there are Blackhats actively working on finding database flaws... I'd say reasonably likely, with that likelihood increasing over time.
So if we assume that, then we can assume that they'll be finding the same things that security researchers have been finding and notifying Oracle of, at which point it becomes pretty worrying that Oracle are so unresponsive in terms of patching these flaws...


