Rob over at Googgun always comes through with the good information.
This time, he sent me a great link to this article describing how Gartner hammered Oracle's security practices like when Dux landed the "Dim Mak" in Bloodsport. Granted, Gartner's a bit late to the party on this one - a number of analysts have been critical of Oracle for a while now - but Gartner's big, so people listen when they say stuff.
Check out all the meaty derision for Oracle in their research:
"Oracle provides only very limited information about vulnerabilities — far less than is industry-standard — making it difficult for enterprises to evaluate the risk. The company sometimes patches internally discovered vulnerabilities without releasing details."
Ouch... I love it. And:
"The quality and ease of use of Oracle patches still require improvement, because of reported installation and stability problems."
I'm not a Gartner-zombie or anything, but they're on-target with this one.