Forwarded from: The Unknown Security Person... > Oracle has been criticized for dragging its heels on fixing security > flaws and being unresponsive to researchers who find bugs. Oracle's > Chief Security Officer, Mary Ann Davidson, in response said security > researchers can be a problem when it comes to product security. How exactly? Oh yeah, they point out the flaws in the products. Don't shoot the messenger here folks. Let's remember who created this "unbreakable" (anyone remember those commercials?) software with several hundred bugs patched per year (and who knows how many are found and not yet patched. Yikes). Can anyone imagine another database vendor doing such a bad job as Oracle is? Last I heard DB2, PostgreSQL and MySQL and heck even MS-SQL all have significantly happier customers and better security experiences. P.S. 60 bugs patched per quarter it seems on average, many of which are months or years old, this means we can expect 60 more patches a quarter for a LONG time from Oracle folks, unless of course those pesky security researchers stop reporting flaws in which case we only have 1-2 more years of 60 bugs fixed per quarter. Ain't it great? _________________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Oct 24 2005 - 06:26:19 PDT