Call: +44 (0)7759 277220 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Commercial rainbow cracking"] [Next entry: "DBMS_ASSERT can be used to protect against SQL Injection"]

Mary Ann Davidson on how to evaluate software security

I saw an interesting news post on CSO Online yesterday and made a not to mention it here. The post is titled "How to Evaluate Software Security" and is an interview with Mary Ann Davidson the Chief Security Office of Oracle. The interviewer asks here about her thoughts on has the focus been taken off code quality due the recent increases in identity theft and then she is asked about her thoughts on vulnerability scanning software. She was then asked how does Oracle ensure that the end product is secure. This is interesting as she says that they employ in-house training, coding standards, in-house tools and also use the internal ethical hacking team. She is then asked how an outsider can review Oracles products for security without access to the source code. She is finally asked for her thoughts on the best standards available to test co security before it is released.

The article is worth reading to get an insight into Mary Ann's thoughts and motives in securing the Oracle products.