I saw an interesting post on Tug's blog yesterday titled "Which kind of developer are you? A software terrorist?". This is a post about a recent editorial by Allen Holub, the guy famous for writing many compiler and OS books. I have read his book Compiler Design in C and I subscribe to his sporadic newsletter. Allen's editorial, "The Terror of Code in the Wrong Hands", is an interesting read and, as Tug says, the description of the software terrorist is great. The issue of one employee (or otherwise) staying late and "fixing" or "improving" code whilst everyone is at home, and then not telling anyone, is one that we have all heard about. But from a security perspective this is an issue we should all be concerned about. What if someone changes parameters, application code or anything else in the database, either "innocently" or on purpose? Would you know it had happened? It is important to know the configuration of your database because it is stored and baselined, and to ensure that application source code is controlled both in source repositories and through change control and release mechanisms.
This is a good article, not intended to be Oracle security specific but relevant all the same.