Slashdot Mirror


Oracle's Chief Security Officer Speaks Out

s0u1d13r writes "ZDNet Australia posted a special article from Oracle's CSO regarding the treatment and publishing of exploits and vulnerabilities by security researchers. From the article: 'There's a myth about security researchers that goes like this: Vendors are made up of indifferent slugs who wouldn't fix security vulnerabilities quickly -- if at all -- if it weren't for noble security researchers using the threat of public disclosure to force them to act.' An interesting read from the perspective of one of the largest software vendors accused of ignoring vulnerabilities by software researchers."

5 of 112 comments

  1. they misspelled "truth" by Saven+Marek · Score: 0, Troll

    "There's a truth about security researchers that goes like this: Vendors are made up of indifferent slugs who wouldn't fix security vulnerabilities quickly -- if at all -- if it weren't for noble security researchers using the threat of public disclosure to force them to act."

  2. SURPRISE AN IDIOT WOMAN DOESN'T WANT TO DO HER JOB by Anonymous Coward · Score: -1, Troll

    It is pretty obvious she is too busy getting banged and pregnant by her husband to actually do her job. So what does she do? She blames security researchers for doing their job.

  3. Re:Department of Homepage Security by Anonymous Coward · Score: -1, Troll
    Sure, why waste time fixing bugs, when you can attack the researchers whose bug reports make you look bad?

    They are not researchers, they are hackers who masturbate too much.

  4. This is moot. by Anonymous Coward · Score: -1, Troll

    This is redundant. After previous /. articles which make it abundantly clear that American router and modem manufacturers have been, and continue to enjoy a green light to install backdoors in their equipment there is no point even discussing security. Cisco routers are insecure _because_they_admit_so_ ! Not because some researcher discovered anything. It doesn't matter what any security researcher 'discovers' from now on, we know these devices are insecure because the Government has mandated it be so. I could not mention Cisco and security in the same sentence after what I heard, what is the point of even pretending there is a remaining 'security' issue when the (back)door is left wide open by government? If you have the slightest clue about security you will be building your own routers and firewalls from properly audited BSD boxes.

  5. What a lying bitch by (negative+video) · Score: 0, Troll
    In reality, when a researcher puts customers at risk by releasing exploit code for a vulnerability before the vendor has had a chance to fix it, it's ridiculous to expect the vendor to say, "Thank you for putting our customers at risk."
    You are the ones who intentionally designed in the flaw, and you are the ones who deliberately defrauded your customers by falsely warranting the product as "Unbreakable". If this was securities and not software, the SEC would have tossed you in a Federal-pound-me-in-the-ass prison.

    "Oh, but we're innocent, somebody framed us!" Tell it to the hand 'cause the face ain't listening.