Security researcher David Litchfield, who has found more bugs in the Oracle database than any other security expert, has done it again.
Speaking at the BlackHat DC Conference, Litchfield unveiled a flaw in Oracle 11g that would allow a hacker to take over the database server. In an article in Forbes , Litchfield said that his latest bug find was one that would be obvious to any competent software developer. In the article he said the flaw showed that Oracle was still treating security as an afterthought rather than a part of the development process.
After nine years of haunting Oracle, Litchfield announced his resignation from NGS Software. The company was sold to NCC Group in November 2008.