Hacker cancels plan to publicize Oracle database flaws

A bug hunter who had promised to disclose one zero-day bug in Oracle Corp. databases every day for a whole week in December has abruptly canceled his plans to do so.

In a brief noted posted on his company's Web site, Cesar Cerrudo, founder of Buenos Aires-based Argeniss Information Security, said he had suspended his plans for a week of Oracle Database bugs "due to many problems."

Cerrudo apologized to those who had contributed to the project, but offered no explanation for his decision to cancel the initiative, which was announced only last week.

In an e-mailed comment, Cerrudo said he was "sad and angry" about the decision, but he added that he preferred not to comment any further because he didn't want to cause "more problems."

In the original note announcing his plans, Cerrudo said his effort was inspired by a similar Month of Browser Bugs and Month of Kernel Bugs announced earlier this year by other independent vulnerability researchers.

"We want to show the current state of Oracle software (in)security (sic)," Cerrudo said in his note. "We want to demonstrate Oracle isn't getting any better at securing its products."