Lol Oracle.

Originally shared by Vlad Markov

I think Mary Ann Davidson, together with the entire Oracle Security department, will be fired soon for idiotic unprofessionalism and lack of understanding of the security industry.

17 thoughts on “Lol Oracle.”

  1. Maybe that’s how Oracle was planning on dealing with hackers: suing them over licensing agreements until they go blind. Assuming all hackers are within 15 miles of Redwood Shores, it should work great!

  2. I’m willing to accept that a lot of security reports are false positives and probably a waste of time. That however is the nature of the beast, no software is ever “done” and Oracle are idiots.

  3. Talking only from personal experience of working with Oracle databases, the code, programme directory structure, and security protocols resemble a DIY project in which successive ‘improvements’ have been merely bolted on rather than ever returning to a design stage to eliminate mutually conflicting additions, or even to start again by re-writing whole modules from scratch.

    Oracle’s only advantage so far has been its stability relative to Microsoft’s products, the astonishing expense of IBM solutions, and the relative ignorance in the marketplace about the costs of customising open source systems to meet organisational and specific security requirements.

    If I interpret what I read correctly, Oracle has just admitted that the use of its products includes a tacit acceptance of their inherent insecurity.

  4. Emlyn O’Regan: From what I’ve seen, because you’re a project or other senior manager who doesn’t understand a word on the Oracle Salesdroid’s powerpoint presentation, and are completely deaf to the sound of screaming coming from all technically competent people in your vicinity.

    Once your company is locked in to has some experience with Oracle, of course, it becomes all about being _un_willing customers.

  5. I love this part the most, after she’s gone on and on about why she doesn’t want reports from customers:

    Q. Hey, I’ve got an idea, why not do a bug bounty? Pay third parties to find this stuff!

    A. Bug bounties are the new boy band (nicely alliterative, no?) Many companies are screaming, fainting, and throwing underwear at security researchers** to find problems in their code and insisting that This Is The Way, Walk In It: if you are not doing bug bounties, your code isn’t secure. Ah, well, we find 87% of security vulnerabilities ourselves, security researchers find about 3% and the rest are found by customers.

  6. So, what she’s saying is “10% of the time, these bugs aren’t found by us, but by the customers. And since it’s our job that we only succeed at almost 9/10 times, we don’t need you to tell us about that 1 in 10 bug we have no idea of. Because why are you in our code?!?”

  7. We all — well, those of us who have customers — have days when we feel like this about our customers.

    Not exploding over said customers with incoherent rage about it is the secret to keeping said customers…

  8. Shannon Roy: this is security we are talking about, not just customers. If 3% of the complaints are substantiated, it means 1/33 have serious production risk, bringing operations for serious corporations down. We are talking about the image of the company overall, which per this article looks kind of flaky.
