Oracle Responds Sternly To Security Criticism

Oracle has retorted vehemently against security experts' criticism about the security record maintained by the company. 'Manager for security' in Oracle's 'global technology business unit', Eric Maurice, said in a company blog that the database vendor occupied a high position in the software industry for its responsible development in security. He said that the primary function of Oracle is to keep their customers secure. With 'Oracle Software Security Assurance' the company has framed its objectives, policies, procedures and also chosen people that would be 'in tune' to providing customers with the highest level of security in all of Oracle's products.

Security researchers have been criticizing Oracle after conducting multiple studies and then posting the results on the 'blog'. Security vendors 'NGS Software' and analyst firm 'Enterprise Strategy Group' (ESG) have provided studies that compare the number of software updates in Oracle and Microsoft databases. The studies declared that Microsoft stood out in comparison.

Another person in the list of criticizers is Cesar Cerrudo, CEO of 'Argeniss Information Security', who said that he would work for a week in December to expose Oracle database 'zero-day' flaws. But Cerrudo eventually didn't proceed with his plans and posted the message on his Web site. Though he did not give any explanation, according to media speculations he was under pressure from 'Oracle' and 'DBAs' to not to discuss the flaws, which have no patch.

Maurice wrote materials on his bog in relation to 'articles and blog entries' but did not specify names of ESG, NGS Software or Argeniss. However, he responded to the NGS Software and ESG studies by providing that others were taking advantage of the situation and asserted that Oracle won't allow 'external perception' to make impact on its security policies.

According to Rich Mogull, research vice president with 'Gartner' and head of the firm's 'Information Security and Risk Practices', the blog posting was mainly a public relations action. He further said a large-scale attack on Oracle databases had not yet taken place.

Mogull added that customers were dissatisfied with Oracle's security record and the patches it releases. But they hadn't turned to competing products yet.

Related article: Oracle Charged SAP For Copying Its Programs

» SPAMfighter News - 12/6/2006