In case you missed it, Oracle CSO Mary Ann Davidson went on a rant about why security researchers and Oracle's own customers who dig through its applications to locate vulnerabilities should stop doing so and pay more attention to securing their own house. As with anything on the internet, the post has been making the rounds because of how tone-deaf it was. Here are some of the reactions from the security industry to her missive:
To say that the post resulted in a strong industry backlash would be an understatement. Oracle distanced itself from Davidson’s opinions in its statement distributed to the press. “The security of our products and services has always been critically important to Oracle. Oracle has a robust program of product security assurance and works with third party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers,” Oracle executive vice president and chief corporate architect Edward Screven said in the statement.
“It’s incredibly arrogant for Oracle to suppose that they have all the answers and that their IP protections are sufficient and proper to guard against bad guys hacking your organization,” said Jonathan Feldman, CIO at the city of Asheville, N.C. “We know it’s stupid. It’s not like we have one year of data. Or five. We have at least 20 years of experience saying that the bad guys do deep, debugger-level code dives, and to ignore that with a Pollyanna ‘everybody had better be nice, now, because the Big O has Everything Under Control’ is crazy and irresponsible and ignorant,” Feldman said.