Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "leaking information about Oracle databases could be a dangerous thing"] [Next entry: "A great snort rule to detect the mod_plsql 0-day bug"]

Oracle aims to tone security muscle with Fusion - (broken link) Oracle aims to tone security muscle with Fusion - By Joris Evers

"REDWOOD SHORES, Calif.--Billions of dollars worth of acquisitions have bought Oracle a perhaps unexpected bonus: security lessons.

Last year, the technology maker bought more than a dozen companies. Now it's picking up tips from those operations and using them in a major overhaul of its business applications software, an initiative called Project Fusion. Other products and processes are benefiting, too."

The really interesting quote for me in this artiel is the mention that Oracle in 11g will secure the database product out of the box rather than the current completely open status the database products enjoy by default now. This is very welcome news for all customers of Oracle. I have been writing about the problems of the Oracle database being open by default for years. I remember I had an email from Mary Ann Davidson a couple of years or so ago where she asked what i thought was an off the cuff theorectical question about what i would secure first in Oracle, also we discussed a secure out of the box version of Oracle, I think I suggested using a wizard to help secure the product by default. I don't or one minute think Mary Ann took notice of me particularly but I do welcome the fact that she is taking notice of the main issues and doing something to fix them. Great news, thanks Joris!