From Oracle's Chief Security Officer: one of the finest marketing posts for free software I've seen in 2015

Florian Weimer fw at deneb.enyo.de
Sun Aug 23 11:32:36 UTC 2015


* David Gerard:

> Hmm, you're the only person so far I know of who hasn't reacted in
> shock.

The blog post is pretty reasonable if you combine the Oracle mindset
with the things that some people report as vulnerabilities.  I totally
get why she just wants to Make It Stop (because of those reports), and
the way she picks contracts/licenses (because of Oracle).

That being said, it's a bit odd that Oracle (of all companies)
apparently allows blog posts without review.  I can't believe
something like that wouldn't have been caught during a review process.

Regarding the contracts/licenses thing, I am pretty much fed up with
the blatant disregard of applicable laws and regulations by much of
the security industry.  Some of the law-breaking is unavoidable.  For
example, as an antivirus vendor, you pretty much have to make
unauthorized copies of copyrighted malware binaries, or circumvent
software protection mechanisms.  But there is a lot of
questionable stuff going on that seems rather avoidable.  For a while
now, it's been socially acceptable to exploit production services, to
use vulnerabilities to exfiltrate user data and post the results
publicly, allegedly to encourage better security through transparency.
That can't be right.
