Johan Beckers, director of technology solutions at Internet Security Systems (ISS) singled out the two companies when talking at a Network and Security event in Capri, Italy.
"Let me put it this way," he said. "There are some companies that do not respond to us finding vulnerabilities in their software in the right way. They still think we are the enemy. I would say Cisco and Oracle have problems in this area."
ISS runs a vulnerability research team that works with a number of enterprise companies to find vulnerabilities in its software before hackers do. According to Beckers not all companies are as lax as Cisco and Oracle, and he singled out Microsoft for particular praise.
ISS was at the event peddling its Proventia security appliances which protect against viruses, spam and malware.
In August SC reported Cisco faced a major security scare when its password protection system for entry to its customer portal had been compromised.