Bugtraq mailing list archives

Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
From: Rainer Duffner <rainer () ultra-secure de>
Date: Thu, 06 Oct 2005 21:17:49 +0200

David Litchfield wrote:

I know this wasn't your intent when you wrote it, but:

That means 70 000 000 € spent by Larry for the silly Yacht - you, David, could charge 100 000 per day and still deliver more value.

I just want to make it clear that all I'm looking for from Oracle is, not a job to review their code, but to treat security properly and give their customers the respect they paid for.

I'm sorry if it sounded that way - I'm also not jealous of Mr. Ellison's riches (I've not directly contributed to them, mind you).
I just wanted to make the proportions visible ;-)
From my view, there is no doubt that you alone have done a great deal of work to secure Oracle products - I assume with little financial reward from Oracle itself. This enforces the popular view that (most) big corporations don't "value" something until it costs money - and if it costs a lot of money, it must be of big value...
Sounds like a Dilbert-esque PHB'ism, but that's the impression I get.

Unless a whistleblower (image of Larry keelhauling him comes up...) comes forward, only Ms. Davidson can shed some light on how exactly the QA- and patch-creation process works and why it can take literally years to put out a security-update (that turns out to be little less than a placebo) to a currently shipped product.

