Mary Ann Davidson announces that Fortify software will be used to find security holes in Oracle software
December 21st, 2005 by Pete
I saw today that Mary Ann Davidson has announced that Fortify Software Inc.'s products will be used to check the database server software and middleware for potential security holes. I saw this in a post titled "Oracle Turns to Fortify to Secure Source Code". In this post Mary Ann says she has searched for years for a suitable tool to audit the Oracle software. There is a sting in the tail, though: Fortify's software is not suitable for auditing large swathes of the Oracle product stack, such as the application server, E-Business Suite, PeopleSoft and many more that are written in a variety of languages; presumably PL/SQL is one of the languages that is not supported. It sounds from this article as though the C used for the server will be audited but PL/SQL will not. As most of the recent SQL injection issues, and therefore security bugs, are in PL/SQL packages, this new tool is unlikely to make large inroads into the recent woes caused by these bugs.


