Weak of Oracle Bugs

Posted by jericho Thu, 30 Nov 2006 06:39:03 GMT

No, not a typo. A couple weeks back, Argeniss “was proud to announce that we are starting on December the “Week of Oracle Database Bugs” (WoODB).” A couple days ago they abruptly called off the WoODB with the following message:

We are sad to announce that due to many problems the Week of Oracle Database Bugs gets suspended. We would like to ask for apologizes to people who supported this and were really excited with the idea, also we would like to thank the people who contributed with Oracle vulnerabilities.

It’s hard to ignore the obvious possibility (especially with so many other people saying the same) that they solicited the community to support their effort by submitting unpublished Oracle vulnerabilities, then arbitrarily shut the effort down while keeping all the information and not sharing it as stated. Argeniss, why not give us the full story? Were you threatened by Oracle? Drastic change of ethical stance? Pure greed when you realized the value of a hundred contributions?


Comments

  1. danielclemens said 1 day later:

    Jericho/OSVDB,

    To satisfy all of the concerns that this was a stunt to get new vulns, I think you should probably meet Cesar, or ask him how many 0day oracle vulns they have been sitting on for the last year without the ‘one or two’ vulns that got sent to them.

    This isn’t a conspiracy to get more vulns.

  2. jericho said 1 day later:

    http://archives.neohapsis.com/archives/dailydave/2006-q4/0279.html

    Cesar has posted a better explanation for why it was cancelled after the pressure to come clean.
