Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "web seminar for Oracle roadmap of Oblix integration"] [Next entry: "Oracle's 10g Encryption Feature Is a Fine First Step"]

Mary Ann Davidson fights back - When security researchers become the problem

I just saw that Mary Ann Davidson - Oracle's Chief Security Officer - has written a news article for titled - (broken link) When security researchers become the problem. This is a very interesting article and is quite clearly a rebut against recent challenges to Oracle to fix bugs more quickly by releasing advisories for unfixed bugs. This is a good article where Mary Ann tries to defend her position whilst attacking the position of those who have released details of exploits. It is also interesting that she tries to justify Oracles timescales which is fair enough - her argument is good but she doesn't actually explain why it takes 2 years to fix bugs.

The article doesn't mention the recent problems with the April CPU and subsequent problems with the fixes to the April CPU or the issues raised by Cesar on the July CPU. It also doesn't say when the outstanding lists of bugs on the likes of Alex, David Litchfields and Argeniss's sites will be fixed, a lot of which were reported more than one year ago.

The article has a link at the bottom where it is possible to leave a comment for Mary Ann.