[This was originally published on the OSVDB blog.]
http://www.eweek.com/print_article2/0,1217,a=160368,00.asp
On Security, Is Oracle the Next Microsoft?
September 16, 2005
By Paul F. RobertsWhile [Oracle CSO Mary Ann Davidson] acknowledges that some of the criticism from Litchfield and others is valid, outsiders aren’t privy to the 75 percent of product holes that Oracle discovers and fixes internally.
OSVDB has listings for roughly 330 Oracle vulnerabilities. If we take Davidson’s comment at face value and believe the number isn’t inflated, that means those 330 represent 25% of the vulnerabilities in their products. So according to Oracle, they have over 1,300 vulnerabilities in their products that they know of.