From Oracle's Chief Security Officer: one of the finest marketing posts for free software I've seen in 2015

Florian Weimer fw at
Sun Aug 23 11:32:36 UTC 2015

* David Gerard:

> Hmm, you're the only person so far I know of who hasn't reacted in
> shock.

The blog post is pretty reasonable if you combine the Oracle mindset
with the things that some people report as vulnerabilities.  I totally
get why she just wants to Make It Stop (because of those reports), and
the way she picks contracts/licenses (because of Oracle).

That being said, it's a bit odd that Oracle (of all companies)
apparently allows blog posts without review.  I can't believe
something like that wouldn't have been caught during a review process.

Regarding the contracts/licenses thing, I am pretty much fed up with
the blatant disregard of applicable laws and regulations by much of
the security industry.  Some of the law-breaking is unavoidable.  For
example, as an antivirus vendor, you pretty much have to make
unauthorized copies of copyrighted malware binaries, or circumvent
software protection mechanisms.  But there are is a lot of
questionable stuff going on that seems rather avoidable.  For a while
now, it's been socially acceptable to exploit production services, to
use vulnerabilities to exfiltrate user data and post the results
publicly, allegedly to encourage better security through transparency.
That can't be right.

More information about the Discussion mailing list