A synopsis of what Mary Ann Davidson, who is Oracle's Chief Security Officer, said to the general public and security researchers everywhere is "We know how to find our own bugs, stop looking, or you're breaching our license agreement." Anyone who's been in IT long enough, or at least has to deal with Java and Java updates on a somewhat regular basis, knows that Java is an insecure mess and has to be updated A LOT. It says a lot about a company's product when even the US Government says you shouldn't be using it. I don't hide my extreme dislike of the software myself.
There are many researchers out there who want to make our lives safer by finding and reporting vulnerabilities in software. Sometimes they even do that for free, as not everyone offers bug bounties. Mary Davidson is telling them to stop meddling with Oracle's software, as it's making her job harder.
"I can understand that in a world where it seems almost every day someone else had a data breach and lost umpteen gazillion records to unnamed intruders who may have been working at the behest of a hostile nation-state, people want to go the extra mile to secure their systems.
That said, you would think that before gearing up to run that extra mile, customers would already have ensured they've identified their critical systems, encrypted sensitive data, applied all relevant patches, be on a supported product release, use tools to ensure configurations are locked down -- in short, the usual security hygiene -- before they attempt to find zero day vulnerabilities in the products they are using."
The blog post didn't last long, actually. After the media started looking into it, the post was unpublished. Fortunately, it has been saved for posterity. I guess what we should all take away from this blog post is that we little people don't know what we're doing when looking for security vulnerabilities, and that we should let the big companies handle it themselves. I think Mary can do a better job than me at concluding this post.
"I do not need you to analyze the code since we already do that, it’s our job to do that, we are pretty good at it... so please do not waste our time on reporting little green men in our code." -- Mary Ann Davidson, Chief Security Officer, Oracle
And as always, stay safe goblins.
I saw this story. She's got some good points, but relies too heavily on "We're the vendor, we know what we're doing, you don't."