Silently Fix Security Flaws: Bad Practice?

Many software companies follow the practice of silently fixing bugs, especially security-related bugs and flaws. This is understandable in some way when the flaws are not publicly known. But when the bugs are already known and have been publicly reported by various incident response teams, silently fixing them is strange: customers who never see an advisory cannot assess their exposure or prioritize installing the patch. Some big companies have used this practice as well, Oracle for example.

At you can find an interesting list of the security bugs silently fixed in the Oracle Critical Patch Update of July 2005.

Red-Database-Security GmbH ( specializes exclusively in Oracle security. As stated on their web site, their mission is: “Make Oracle software more secure and help our customers to protect their most valuable data”. Also, according to Red-Database-Security, Oracle is really slow in fixing security issues.
