X
Business
Home Business Companies Oracle

Oracle: Third party security patch breaks our stack

InfoWorld is reporting that Oracle is warning its customers not to implement a vulnerability patch that was developed by security researcher David Litchfield (fellow blogger George Ou had the coverage last week). Litchfield was motivated to create his own patch because Oracle, despite four attempts, has apparently failed to do so successfully (according to the InfoWorld story).
Written by David Berlind, Inactive

InfoWorld is reporting that Oracle is warning its customers not to implement a vulnerability patch that was developed by security researcher David Litchfield (fellow blogger George Ou had the coverage last week). Litchfield was motivated to create his own patch because Oracle, despite four attempts, has apparently failed to do so successfully (according to the InfoWorld story). Perhaps more interesting is how a quote from an Oracle executive further draws the "breakability" (the company claims its software never breaks) of Oracle's software into question:

Oracle was notified of the workaround before it was released, but has found it "inadequate," said Duncan Harris, Oracle's senior director of security assurance. It will break a large number of E-Business Suite applications, he said."We know it will break a number of Oracle products higher in the stack than the Oracle Application Server that the vulnerability exists in," Harris said.

eWeek has the story too (see Security disclosure debate erupts at Black Hat).  So, unbreakable or breakable?  You decide.

Editorial standards
Show Comments

Related

Anker Solix X1

Not into the Tesla Powerwall? You can now buy the Anker Solix X1

GOTRAX 4 electric scooter

The Jackery Explorer 1000 is one of the best portable power stations you can buy, and it's on sale

AI coding concept

Can Meta AI code? I tested it against Llama, Gemini, and ChatGPT - it wasn't even close