Oracle sure took its sweet old time patching this...

Oracle is best known for its database system, which many thousands of companies make use of in some capacity or another. It's big, it's bad, it's complex, but it's also got some amazing features, like clustering and replication that many other databases (open source and otherwise) can't hold a candle to, assuming that you understand it well enough to make it work. It's a complex beast, no two ways about it. That complexity, however, is no excuse for them taking two years to patch a security vulnerability in Oracle 10. It's a cross-site scripting bug in the enterprise search subsystem …

Read more...