Slashdot Mirror


Oracle's Chief Security Officer Speaks Out

s0u1d13r writes "ZDNet Australia posted a special article from Oracle's CSO regarding the treatment and publishing of exploits and vulnerabilities by security researchers. From the article: 'There's a myth about security researchers that goes like this: Vendors are made up of indifferent slugs who wouldn't fix security vulnerabilities quickly -- if at all -- if it weren't for noble security researchers using the threat of public disclosure to force them to act.' An interesting read from the perspective of one of the largest software vendors accused of ignoring vulnerabilities by software researchers."

2 of 112 comments

  1. Re:But that's true, at least for extensive vulns by gclef · Score: 5, Informative

    The problem is, a few of the recently-released ones had lag times measured in *years*. Oracle can whine all they like about unrealistic deadlines from researchers, but a few years is far too long to sit on something.

    My reference for the years comment:
    http://www.red-database-security.com/advisory/published_alerts.html

    They waited over 600 days for Oracle to patch some vulns. There's no excuse for that.

  2. Re:Department of Homepage Security by IdleTime · Score: 4, Informative

    I'm sorry but you are way off the mark here. I'm sorry that you don't know your job, but don't blame Oracle for your own incompetency.

    Using streams replication there is no limit (practically) on the number of servers to replicate to.

    Restore and recover takes a long time? Use archivelog mode; unless you have physical corruption that spans multiple disks, there is no need to restore the whole database. Restore the corrupt file and roll forward. Unless your last backup of the file was months ago, the operation is done in minutes. Please don't spread stupid remarks that have no foothold in reality. Learn to use the product rather than display your own ignorance.

    Oracle Dataguard has nothing to do with replication. Oracle Data Guard ensures high availability, data protection, and disaster recovery for enterprise data. Data Guard provides a comprehensive set of services that create, maintain, manage, and monitor one or more standby databases to enable production Oracle databases to survive disasters and data corruptions.

    Starting a database is simple: sqlplus "/ as sysdba"; startup... How difficult is that?

    I don't mind critique of Oracle, but at least get your facts straight!

    --
    If you mod me down, I *will* introduce you to my sister!
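
The single-datafile restore and roll-forward that IdleTime describes, written out as an added example (it is not the commenter's own script and not taken from Oracle's documentation). It assumes the database already has RMAN backups, and the datafile number 5 and its path are placeholders standing in for whichever file is damaged:

```sql
-- Added example: recover one damaged datafile while the rest of the database stays open.
-- Assumptions (placeholders): the damaged file is datafile 5 and RMAN backups exist.
-- Session opened as the comment says: sqlplus "/ as sysdba", then STARTUP if needed.

-- 1. Confirm ARCHIVELOG mode. Without it, redo is overwritten once the online logs
--    cycle, so a per-file restore cannot be rolled forward to the present.
SELECT log_mode FROM v$database;          -- expect ARCHIVELOG

-- If it reports NOARCHIVELOG, switch it on once; this needs a clean MOUNT state:
-- SHUTDOWN IMMEDIATE;
-- STARTUP MOUNT;
-- ALTER DATABASE ARCHIVELOG;
-- ALTER DATABASE OPEN;

-- 2. Identify the damaged file by number and name, and see what needs media recovery.
SELECT file#, name, status FROM v$datafile;
SELECT * FROM v$recover_file;

-- 3. Take only that file offline; every other tablespace remains available.
ALTER DATABASE DATAFILE 5 OFFLINE;

-- 4. In RMAN (rman target /): restore the one file from the last backup, apply the
--    archived redo generated since that backup, then bring the file back online.
-- RMAN> RESTORE DATAFILE 5;
-- RMAN> RECOVER DATAFILE 5;
-- RMAN> SQL 'ALTER DATABASE DATAFILE 5 ONLINE';

-- 5. Verify that no file is still waiting for recovery (SYSTEM is the normal status
--    of the SYSTEM tablespace's file; everything else should be ONLINE).
SELECT file#, status FROM v$datafile WHERE status NOT IN ('ONLINE', 'SYSTEM');
```

The time this takes is bounded by the size of the one file plus the archived redo since its last backup, which is why the comment's "minutes" claim depends on both ARCHIVELOG mode being on and backups being recent; the first query is the check to run before relying on it.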