
Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.


Software should defend itself: Oracle CSO

Software should defend itself: Oracle CSO By Munir Kotadia

"Applications will have to defend themselves from attack in the future, according to Oracle's chief security officer Mary Ann Davidson.

At the opening keynote of the AusCERT 2007 conference last week, Davidson said applications should be more like US Marines.

"Every Marine fights--whether you are a clerk or a medic, every Marine is first and foremost a Marine, which means they know how to defend themselves. This is an ethos I really think we are going to need in this new world."

I don't get this; software applications cannot defend themselves, otherwise they would not be the applications originally written in the first place, i.e. if Oracle SSO is single sign-on software, would it then also have to be an application IDS? I believe that software should be written to standards, also to secure coding standards, and ideally be well tested and as bug free as possible. That's a goal; it doesn't mean that it defends itself. Each to their own view though..:-)