“They (Oracle) are one of the slowest to get things patched. It is astonishing how backwards they are in terms of fixing security issues.” -- David Litchfield, co-founder and principal security consultant, NGSSoftware
The Apache module, which contains the flaw, allows Web applications to use the Procedural Language/Structured Query Language (PL/SQL) to dynamically create database calls. The code has security weaknesses that have been perennial sources of problems for the database maker. Oracle has patched various issues found by NGSSoftware four times, and each time, the company finds a way around the patch, Litchfield said.