Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "A new paper on a security hole in Application Server Control"] [Next entry: "Another Larry news article on security from OOW"]

Larry Ellison speaks about fixing security bugs



CRN has a good news article about Larry's speach at Oracle Open World. The article is written by Barbara Darrow and is titled "Ellison Speaks On Oracle Partner Challenges, Security". This is a great article that talks about the only question posed to him at OOW that rattled him were about security. One member of the audience asked if Oracle would commit to fixing known security bugs within a quarter of their discovery. Larry's answer was NO. He went on to qualify slightly. He then went on to claim that an Oracle database had not been broken into for 15 years! He then went on to say that if someone had posted a username and password on the net then its not the same as breaking in. He also said nobody could break into an Oracle database except some guys he could name who are on our side!. First of all bugs have been found that do not require authenticated access in the last 15 years and also if some guys who are on our side can get in, does that mean there are backdoors in the software?