Problem: Speed kills quality. Oracle sometimes has to check to ensure that even locking down a given component wont break a 10-year-old version of a supported version. And Oracles products are complex. And theyre getting more complex. Theyre getting more numerous with the acquisitions binge. And then theres Project Fusion, which will either wipe out past sins as the company starts with a brand-new architecture or will usher in brand-new sins, since it will be a brand-new code set. Realistically, it will do both: Wipe out old code sins and replace them with new code sins.How will Oracle stay on top of all this code, as it buries its hands in the piles of code its acquired and wrestles it into Project Fusion?One thing its started to do is root cause analysis. "When security bugs do occur, [were asking things such as] Why did this bug happen, were standards unclear? Was training sufficient? Is this bug a single instance of something, or is it more pervasive?" Heimann said. Heimanns last point was echoed by Thomas Kristensen, chief technology officer of the bug-monitoring company Secunia, in a discussion over the 252 possible vulnerabilities reported in October by security researcher Alexander Kornbrust. "Sometimes you can find some issues that appear to be individual vulnerabilities, but if you look at the underlying code the number of fixes applied doesnt apply to the number found by researchers." Is a given flaw isolated? Is it indicative of a systemic problem? Is it a flaw or a feature, aka false positive? Its software design. Its basically an art as much as a science, Heimann said. Oracles chief hacking officer drinks with the black-hat crowd. Oracles finding out new ways to break its code, just like the external security researchers, the David Litchfields and Alexander Kornbrusts of the world. And then, just like any vendor, its figuring out how to fix that code, and how to make sure that next time, maybe it wont breakas much or, maybe, in an elusive perfect world, not at all. Check out eWEEK.coms for the latest database news, reviews and analysis.