Monday, October 31, 2005

Oracle Security in the News - Again

There has been a lot of discussion lately about Oracle's attention (or lack of attention) to security. In his blog, George Ou argues that Oracle is in denial about its security issues. On the 31st of August 2004, Oracle released a security update (Alert 68 info from Oracle) to address a large number of security flaws in its database server product. The patches had been a long time in coming, and even one of Oracle's staunchest backers, Lisa Vaas, says that Oracle customers fully expected these patches to actually fix the problems. Unfortunately that is not the case, and a lot of people's sensitive information is being left unsecured as a result.

In an open letter to Oracle, David Litchfield gives his opinion of the patch set and of what it does not fix. And just last week Oracle security was again in the news when Joshua Wright of the SANS Institute and Dr Carlos Cid of the Information Security Group at Royal Holloway, University of London published a paper stating that Oracle's password hashing scheme makes it "straightforward" for an attacker to recover users' passwords: the paper notes that the hash is case-insensitive, is salted only with the username, and is built on DES, so it can be brute-forced quickly.

I know that no software is perfect, but I would hope that when a company is told that its software can leave users' data vulnerable, it would do everything in its power to fix the problems.