Over the years there is a tendency among some database vendors to avoid disclosure of any technical details regarding patched vulnerabilities. Sadly, this approach puts database customers at risk. What can enterprises do? We show how to reverse engineer a handful of Oracle vulnerabilities and describe workarounds that could be put in place until the patch is applied. - See more at: http://www.rsaconference.com/events/eu13/agenda/sessions/553/why-does-database-patching-require-a-phd#sthash.DqAs1QEd.dpuf