SecurityFocus 2002-01-16
A U.K. security expert is preparing to unveil a trove of serious vulnerabilities in Oracle's database products. Can the company redefine 'unbreakable' in time?
14 evaluations missed what 1 guy found...
2002-01-16
Anonymous (5 replies)
14 evaluations missed what 1 guy found...
2002-01-17
Brad C. Johnson, Vice President, SystemExperts Corp.

Let's be real, folks. All us security types know that security is a rich topic for 'truth or dare.' And everyone beats up Oracle's marketing department for their hype. So what? Mary Ann was recently given the highest ranking security position that Oracle has ever had. She is justifiably proud of Oracle's history of security work because she's seen all the 14 (Orange Book, etc.) evaluations of the database, and much, much more. She's really trying to make a difference and now she's in a position to make it so. Consider the following.
We all know few businesses buy software just for security reasons. Do huge numbers of security flaws stop anyone from buying M$ products??? How many people buy supposedly "secure" products that suck in functionality? Right, I thought so. Ignore Oracle's marketing hype for a moment. Oracle is seriously attempting to promote security as a product differentiator. Mary Ann really believes what she said to Mullen:
"We believe the market effect of the 'Unbreakable' campaign raises the security bar and therefore improves security overall, both in forcing us to live up to the statement, and forcing others in the industry to begin to do the same," wrote Davidson. "If our security today is imperfect but better than the competition, and if customers make a buying decision based on that criteria, then in the long term you will see all products in the market improve."
So what if Oracle's marketing hype isn't literally true? (Folks who take literally *any* marketing messages have bigger problems than this ;^) Oracle's marketing hype is just a reflection of Larry--take it for what it is. Now ask yourself: do you know of any other company (the size of Oracle) with the balls to put up such a challenge and is willing to deal with the consequences?
I can only wish Oracle 'good luck' and 'godspeed' in responding to the inevitable flow of security vulnerabilities yet to be found. White hat hackers be happy! Oracle is proof that you *can* make a difference!
Link to this comment: http://www.securityfocus.com/comments/articles/309/9960#9960