Oracle Exec: Stop Sending Vulnerability Reports
florin writes: Oracle chief security officer Mary Ann Davidson published a most curious rant on the company's corporate blog yesterday, addressing and reprimanding some pesky customers that just will not stop bothering her. As Mary put it: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it." She goes on to describe how the company deals with such shameful activities, namely that "We send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer's behalf — reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already."
Later on, in a section intended to highlight how great a job Oracle itself was doing at finding vulnerabilities, the CSO accidentally revealed that customers are in fact contributing a rather significant 1 out of every 10 vulnerabilities: "Ah, well, we find 87 percent of security vulnerabilities ourselves, security researchers find about 3 percent and the rest are found by customers." Unsurprisingly, this revealing insight into the company's regard for its customers was removed later. But not before being saved for posterity.
You are all cows. Cows say moo. MOOOOOO! MOOOOOOOOO! Moo cows MOOOOOOO! Moo say the cows. YOU COWS!!
over a quality other members in time wholesome and fellow travellers? A productivity
I'm the only one on this planet who can know that much about everything, and carrying that much information is driving me insane--I imagine this is why there aren't many others around like this. So much rolls around in my brain it spontaneously generates textbooks of new information, which I can't encode fast enough. I have no social life, I'm obsessed with collecting more information, and my ability to regulate my sanity--what's left of it--is faltering on and off.
I've analyzed it all and determined nothing in my fragments of educational policies tends to cause this, so it should be safe to fix up the school systems with proper early-grade-school goals. They'll all have better mental management than I do, anyway, and should be able to keep social cohesion and all those human emotional things going even better, along with the mass improvement in intellect.
You don't need to go that far to make good decisions. You really don't. You can't be a finance guy, a market guy, an IT guy, an IT security guy, a programmer, a database engineer, a lawyer, an HR professional, a rocket engineer, and a damned politician all rolled into one. At the same time, a carpenter uses tools; a carpenter isn't each and every one of those tools himself, and only needs to understand when and how to apply them.
It's still fun to be a complete and total information burn-out. I'm hoping I can last 20-30 more years; after that, I might hurt someone, but I probably won't have the capacity to care anymore.
Support my political activism on Patreon.