Tug has an interesting post on software terrorists
May 5th, 2005 by Pete
I saw an interesting post on Tug's blog yesterday titled "Which kind of developer are you? A software terrorist?". It is about a recent editorial by Allen Holub, the guy famous for writing many compiler and OS books. I have read his book Compiler Design in C and I subscribe to his sporadic newsletter. Allen's editorial, "The Terror of Code in the Wrong Hands", is an interesting read and, as Tug says, the description of a software terrorist is great.

The issue of one employee (or otherwise) staying late and "fixing" or "improving" code whilst everyone is at home and then not telling anyone is one that we have all heard about. But from a security perspective this is an issue we should all be concerned about. What if someone changes parameters, application code or anything else in the database either "innocently" or on purpose? Would you know it had happened? Knowing the configuration of your database because it is stored and baselined, and ensuring application source code is controlled both in source repositories and through change control and release mechanisms, is important.
This is a good article, not intended to be Oracle security specific but relevant all the same.



