According to Mary Ann Davidson (Oracle CSO), applications will have to defend themselves from attack in the future.
How can a software defend from attacks? Every Marine has a weapon (M16) so probably attacking attackers is the best approach. This means we need also weapons for the database… After 3 invalid login attempts Oracle could ban the IP or start a denial of service (d.o.s.) attack against the bad ip address/address range. This could be a nice talk for one of the next security conferences.
I think this is the wrong approach. I agree with Mary Ann that developers (even Oracle developers) should develop good and secure code.