Oracle: The Ostrich Syndrome
August 14, 2015
I read “Oracle’s Chief Security Officer Mary Ann Davidson Just Made a Rookie Mistake.” No, it has nothing to do with trying to breathe life into Oracle Secure Enterprise Search or increasing the content processing speed of Endeca. Those might be really difficult tasks.
According to the write up:
Oracle Chief Security Officer Mary Ann Davidson was forced to remove a blog post after she made a mistake that made her sound out of touch with the security space. In her online post, she claimed that security researchers who point out flaws in Oracle software may be in violation of the company’s license agreement. She said reverse engineering is not allowed under the company’s own TOS.
Quite a good idea if one is struggling with the Java thing, open source database annoyances, and pushback about certain licensing policies and fees.
I read this and thought of the creature which buries its head in the sand.
To make the issue more interesting, Oracle removed the post which allegedly said:
“If we determine as part of our analysis that scan results could only have come from reverse engineering, we send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer’s behalf – reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already”
I love the “already.” There is a robust market sector which identifies and provides information about vulnerabilities to those who are not into the ostrich approach to information.
Isn’t this disappearing, revisionistic information trend fascinating? What you do not know cannot possibly harm you. Ignorance is bliss. Be happy.
Stephen E Arnold, August 14, 2014