Database vulnerabilities discovered

by Alexander V

TeamSHATTER, a research department of Application Security, Inc., describes itself as “the largest dedicated database security, vulnerability and misconfiguration research team in the world.” The team claims more knowledge of database vulnerabilities than anyone else in the industry and says it knows how to make security “an integral part of an enterprise’s…infrastructure.” Recently, TeamSHATTER researchers discovered and reported “four out of the five database vulnerabilities disclosed in the October 2011 Oracle Critical Patch Update (CPU).” That CPU contained 57 vulnerability fixes, five of which were specific to Oracle Database Server. The director of TeamSHATTER, Alex Rothacker, called the October CPU the weakest release he has seen since 2005. He noted “a record low number of database patches,” which he takes as a sign that Oracle is “losing focus on database security improvements.” Lastly, he believes that even if Oracle has lost focus because of other commitments or growth in its business, it is “more important than ever for organizations to apply patches as soon as possible while simultaneously employing strong risk mitigation controls.”
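Rothacker's advice to apply the CPU promptly raises the practical question of how a DBA confirms that a given CPU is actually installed. The query below is an added example, not part of the article or of TeamSHATTER's work. It assumes an Oracle Database 10g or 11g instance, where the post-patch scripts (catcpu.sql for a CPU, catbundle.sql for a PSU) record each applied fix in the SYS.DBA_REGISTRY_HISTORY view, and it assumes the connecting account has the privilege to read that view (DBA or SELECT_CATALOG_ROLE).

```sql
-- Added example (not from the article): list the Critical Patch Updates (CPU)
-- and Patch Set Updates (PSU) registered in this database, newest first.
-- Assumes Oracle Database 10g/11g and a session with DBA or
-- SELECT_CATALOG_ROLE. ACTION = 'CPU' rows come from catcpu.sql; ACTION =
-- 'APPLY' rows come from catbundle.sql; COMMENTS names the patch, e.g. the
-- October 2011 CPU appears as a comment containing 'CPUOct2011'.
SELECT action_time,
       action,
       version,
       id,
       comments
  FROM sys.dba_registry_history
 WHERE action IN ('CPU', 'APPLY')
 ORDER BY action_time DESC;

-- Narrow check for the release discussed in the article: an empty result set
-- means the October 2011 CPU (or a PSU that supersedes it) has not been
-- registered in this database.
SELECT action_time,
       comments
  FROM sys.dba_registry_history
 WHERE action IN ('CPU', 'APPLY')
   AND action_time >= DATE '2011-10-18';
```

The registry only records patches whose post-install SQL was run against this database; a CPU applied to the Oracle home with OPatch but never followed by catcpu.sql or catbundle.sql will leave the binaries updated and the dictionary unpatched, so the view is the check worth running in addition to an OPatch inventory listing.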



This article was an interesting read. I would never expect a company such as Oracle to have so many database vulnerabilities. I thought that Oracle would be competent enough to be able to detect vulnerabilities in their own products before a third party does. I think it is great that TeamSHATTER checks for vulnerabilities in other companies’ databases. The article does not say whether they were paid to discover, or for discovering, the vulnerabilities mentioned in the article. I am going to assume that they were paid. As for why Oracle is lacking security improvements for databases, I believe that it is probably because of the increase in business they have received after all the recent data breaches that have occurred.


References

Application Security, Inc. (2011, October 19). TeamSHATTER researchers discover four database vulnerabilities in October Oracle Critical Patch Update. Business Wire. Retrieved from