Mary Ann Davidson on how to evaluate software security
November 12th, 2005 by Pete
I saw an interesting news post on CSO Online yesterday and made a note to mention it here. The post is titled "How to Evaluate Software Security" and is an interview with Mary Ann Davidson, the Chief Security Officer of Oracle. The interviewer asks her whether the focus has been taken off code quality due to the recent increases in identity theft, and then she is asked about her thoughts on vulnerability scanning software. She was then asked how Oracle ensures that the end product is secure. This is interesting, as she says that they employ in-house training, coding standards and in-house tools, and also use the internal ethical hacking team. She is then asked how an outsider can review Oracle's products for security without access to the source code. She is finally asked for her thoughts on the best standards available to test code security before it is released.
The article is worth reading to get an insight into Mary Ann's thoughts and motives in securing the Oracle products.


