Hacker cancels plan to publicize Oracle database flaws

29.11.2006

"We consider such practices, including disclosing 'zero-day' exploits, to be irresponsible as they can result in needlessly exposing customers to risk of attack," the blog noted without citing any researchers by name. The blog added that Oracle closely monitors the publication of such zero-day flaw information to see whether it poses a realistic threat to customers and, if it does, to issue a patch.

"Ultimately, we seek to work with security researchers as partners for the purpose of making our products more secure," the blog said. "But we do not contract security researchers for competitive research, or for the main purpose of placing them under a contractual 'obligation of silence.'"