Have you ever seen this?
Security researchers have criticized Oracle in the past for the time the company has taken to fix vulnerabilities.
In July 2005, security experts at Red Database Security outed six flaws, claiming that the company had more than 650 days to fix the security issues.
Peter Finnigan, who first noted the change in policy has provided a great list of tools for auditing and testing oracle databases. If you get a chance, do visit his site at :