Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers

From: Gadi Evron (ge_at_linuxbox.org)
Date: 10/07/05

Next message: David Litchfield: "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"

Previous message: Mandriva Security Team: "MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability"
In reply to: David Litchfield: "Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"
Next in thread: David Litchfield: "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"
Reply: David Litchfield: "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 07 Oct 2005 19:38:39 +0200
To: David Litchfield <davidl@ngssoftware.com>

Not that I disagree with your sentiment or what you are saying, we all
know about the lacking security practices, secure development practices
and decent security response by *many* vendors.

Some of these vendors critical to the infrastructure far more than Oracle.

With all due respect to your wishes and intent, a research on different
vendors, showing what vendor responds to threats, after how long and how
effectively plus how many security issues appear with each would have
made sense to me. Showing the Good and thus flushing the Bad without
dissing anyone. Pure facts.
Attacking one vendor may make sense in some cases.. yes, again,
attacking one vendor in public in *this* *fashion* may be long over-due,
but it also seems to me to be rather.. in poor taste? Especially coming
out of the blue with no past public statements.

I sympathize with your concerns and I am known to be FAR from a person
who doesn't voice his opinions - and loudly, but it only makes me wonder
why now, why them and why here.

Now, I am not an Oracle advocate - far from it, but your subject line
says it all, and makes me look-down on your post automatically, which is
a shame:
"Complete failure of Oracle security response and utter neglect of their
responsibility to their customers"

Complete? Failure? Utter neglect? You better have some liability
coverage. Adding "opinion" there might not be good enough, right or wrong.

Thanks for your time,

Gadi Evron.

-- 
My blog: http://blogs.securiteam.com/?author=6
"The third principle of sentient life is the capacity for self-sacrifice 
--- the conscious ability to override evolution and self-preservation 
for a cause, a friend, a loved one."
	-- Draal, "A Voice in the Wilderness", Babylon 5.

Next message: David Litchfield: "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"

Previous message: Mandriva Security Team: "MDKSA-2005:175 - Updated texinfo packages fix temporary file vulnerability"
In reply to: David Litchfield: "Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"
Next in thread: David Litchfield: "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"
Reply: David Litchfield: "Re: Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]