Scary Oracle Numbers
Posted by jericho
http://www.eweek.com/print_article2/0,1217,a=160368,00.asp
On Security, Is Oracle the Next Microsoft? September 16, 2005 By Paul F. Roberts
While [Oracle CSO Mary Ann Davidson] acknowledges that some of the criticism from Litchfield and others is valid, outsiders aren’t privy to the 75 percent of product holes that Oracle discovers and fixes internally.
OSVDB has listings for roughly 330 Oracle vulnerabilities. If we take Davidson’s comment at face value and believe the number isn’t inflated, that means those 330 represent 25% of the vulnerabilities in their products. So according to Oracle, they have over 1,300 vulnerabilities in their products that they know of.