Stories
Slash Boxes
Comments

SoylentNews is people

Oracle Security Chief Wants Bug Finders to Knock It Off

posted by takyon on Thursday August 13 2015, @02:46AM   Printer-friendly

An Anonymous Coward writes:

Oracle's Chief Security Officer, Mary Ann Davidson, took to her blog to demand that users stop hunting for bugs in Oracle's software, because, among other things, it violates the user license.

The blog entry got deleted quickly, but is archived here:

Now is a good time to reiterate that I'm not beating people up over this merely because of the license agreement. More like, "I do not need you to analyze the code since we already do that, it's our job to do that, we are pretty good at it, we can – unlike a third party or a tool – actually analyze the code to determine what's happening and at any rate most of these tools have a close to 100% false positive rate so please do not waste our time on reporting little green men in our code." I am not running away from our responsibilities to customers, merely trying to avoid a painful, annoying, and mutually-time wasting exercise.

Please, Oracle users, don't worry your little heads - just stop violating the license agreement.

takyon: #oraclefanfic on Twitter

And an update from Ars:

Oracle Executive Vice President and Chief Corporate Architect Edward Screven made a statement distributed by e-mail to the press on the post:

The security of our products and services has always been critically important to Oracle. Oracle has a robust program of product security assurance and works with third party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers.

Just how Oracle's chief security officer fell out of alignment with Oracle's core beliefs and managed to spread her heretic thoughts on customers was not addressed.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Oracle Security Chief Wants Bug Finders to Knock It Off | Log In/Create an Account | Top | 30 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 4, Insightful) by FatPhil on Thursday August 13 2015, @09:12AM

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday August 13 2015, @09:12AM (#222195) Homepage
    A/C posts sense.

    This is an order to *not use responsible disclosure*. Dear hackers - obey her!

    In order to add some original content, are you sure that *users* have signed any licence agreement? A few representatives of companies who buy multi-seat/multi-host licences may have signed the licence agreements, certainly. However, the people who sit in those seats (I've been one, in the 90s), or who send DB requests to those hosts, haven't signed shit. E.g. I've not signed anything with MySQL in order to submit my post to slashdot, but my clicking submit is as much bringing about use of the database engine as most things the hackers Little Miss Whineypants is complaining about.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
    Starting Score:    1  point
    Moderation   +2  
       Insightful=2, Total=2
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   4  

  • (Score: 2) by FatPhil on Thursday August 13 2015, @10:14AM

    by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday August 13 2015, @10:14AM (#222206) Homepage
    How embarassing. :-(
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves