From Oracle's Chief Security Officer: one of the finest marketing posts for free software I've seen in 2015
David Gerard
dgerard at gmail.com
Tue Aug 11 19:10:24 UTC 2015
On 11 August 2015 at 20:00, Alessandro Rubini <rubini at gnudd.com> wrote:
> But most likely I didn't get the point about this post. Can you please
> expand?
Hmm, you're the only person so far I know of who hasn't reacted in shock.
* The attitude of security by obscurity, as if telling your customers
"don't look!" stops the black hats for a second.
* Don't look for security holes in Oracle, it's a violation of your license.
* If you find security holes, don't tell us, it's a violation of your
license to have looked and we will send a legal notice telling you to
throw away the information.
* It is true that someone found a pile of actual security holes, but
we were totally going to fix them, honest! Some time or other.
* The tone of contempt for the customer, daring to look and ascertain
their own security risk.
This is precisely why we need software freedom.
As a sysadmin, I was shocked that a vendor with a high-quality free
software alternative would write something like this that makes them
look *utterly incompetent* in the field of security.
Reactions on Hacker News:
https://news.ycombinator.com/item?id=10039202
https://news.ycombinator.com/item?id=10040428
Someone immediately found an XSS on Oracle's site:
https://twitter.com/thegrugq/status/631056841670135808
Oracle's database software is very good indeed - it gives your data
back reliably and with fantastic performance. The problem is literally
every other aspect of dealing with Oracle ...
- d.