« Podcasts: growing pains or the end of a hype? | Main | OLPC does Doom »
Meet Oracle: the new Microsoft
Pouring some salt into Oracle's security wounds, security researcher David Litchfield has published details of a new class of attack against the database. The vulnerability could allow an attacker to steal confidential information or insert coding time bombs in the database that will get executed at a later time.
Oracle can't do much about this one. Instead, application developers have to make sure that they follow best practices.
Although Oracle is trying to meet the challenges of today's security landscape, the company so far has failed to step up to the challenge. It isn't just that Oracle is unable to fight off the onslaught of new SQL injection vulnerabilities, as the unpatched vulnerabilities meter currently surpasses 200.
The database vendor also seems unable to handle a world in which information travels at the speed of light, and in which it needs to respond instantaneously.
The company has a "global product security blog" which published a paltry four postings last October, and none so far in November. Security related questions to Oracle's PR department as a rule remain unanswered.
Security seems an afterthought with Oracle. The company should consider looking at Microsoft for some inspiration.
technorati tags: oracle, patch, security, database, microsoft
Spanish
Post a comment