http://www.csoonline.com/article/591737/Inside_Oracle_s_security_assurance_program

By Bill Brenner
Senior Editor
CSO
April 22, 2010

Oracle has had its share of criticism this past decade over coding holes that led to many a critical patch update. As a result, CSO Mary Ann Davidson has worked to change her company's code-writing culture.

How well that's gone is in the eye of the beholder (customer). But at the SOURCE Boston conference Thursday, Davidson walked attendees through the specific things Oracle has done to make security a priority from the start of the product development process.

She acknowledged that customers have come down hard on Oracle to do better in recent years, especially in the aftermath of acquisitions like that of Sun Microsystems, which Davidson described as a boa constrictor swallowing an elephant.

"Flaws can limit accountability, make it easier for someone to corrupt systems internally and falsify measurement and reporting," she said. "It's bad if there's a defect in your software. It's worse if a customer gets breached while you are hosting a service for them."

She noted that a growing number of customers want third-party organizations to look at Oracle's code. They want to know exactly what Oracle is doing for security, she said, adding that as business becomes more regulated, the burden on the vendor as a supplier is heavier than ever.

As Oracle acquires more technology, that pressure has been amplified. Davidson recalled having an unpleasant conversation with a customer about a particular product. The customer had suffered a security breach before Oracle acquired the flawed product that was involved. Now it was Oracle's problem, and the customer wanted to know what the company was going to do about it.

[...]

Received on Thu Apr 22 2010 - 22:45:40 PDT