Oracle learned about the problems early this year and has taken some steps to fix them but hasn't eliminated the flaws, said David Litchfield, managing director of Next Generation Security Software Ltd., Surrey, England. Litchfield, who told the company of the problems, said some of the vulnerabilities should be considered critical because they could allow hackers to gain control of database systems without a user identification or password.
Oracle, Redwood Shores, Calif., touts its security credentials, including certifications that make its database systems eligible for purchase by the Pentagon.
This article was compiled and edited by CIO Update staff. Please direct any questions regarding its content to Allen Bernard, Managing Editor.
See the complete story at www.wsj.com (paid registration may be required).