Call: +44 (0)7759 277220 Call
Blog

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Virtual Patching or Good Security Design instead?"]

Oracle Security Blog Posts

I teach many training classes on Oracle security to lots of students worldwide both on-site and on-line and one area I often cover quote briefly is where can you find more information or keep up to date on Oracle security and of course one of those sources of information is obviously blogs.

In the old days; more than ten years ago there were quite a few people posting Oracle Security blogs but this stagnated and died mostly. I was the first and oldest Oracle security blog and was joined by Alex, David, Slavic, Steve and a few more who would blog regularly on the subject of Oracle Security. Most have stopped almost completely or post such a small amount of posts now and then. There are not really any new people who post about only Oracle security and none that do it exclusively like me. In fact myself and Steve Kost are probably the only regulars still. Some people like Laurent, Dennis, Kamil and Rodrigo Jorge do post on the subject of Oracle security from time to time as do others but there does not seem to be a ground swell of Oracle security posting as there was more than 10 years ago.

I decided to count up and see how my Oracle Security blogging has changed over the years. Here is a graph from 2004 to now.


Analysis of Oracle Security blog posts on PeteFinnigan.com Limited



As you can see i posted a lot in the early days and this curved off as time went on. Why? well there was a golden age of Oracle security when people were starting out to consider the problems and issues in securing Oracle. The start of this coincided with the start of the push for Oracle security patches; the start of finding SQL injection issues in Oracle built in packages and the overall buzz around securing Oracle. This tailed off as did the discussions around why Oracle didn't tell us exactly what was fixed in every CPU; people just got on and moved on. I still blogged but less so as i was just too busy. Now, i am even busier BUT i want to get back to talking about Oracle security in more details again.

The time of data security is now; we have more and more breaches of data, almost daily and two big ones in the last weeks; 500 Million records lost at Marriott (for sure an Oracle database was involved) and Quora forums also had a big breach; We have just had GDPR go live and there is a definite push towards people doing more around Oracle security and data security in general. Just recently Oracle made Privilege analysis free with EE and 18x XE also includes most of the security cost options for free. I discussed this very briefly in my recent post on super locking an Oracle database.

I do plan to post more going forwards on Oracle security. I have a big list of collected subjects that I want to cover here; and i will make it my new years resolution to try and post more. Well thats me and I think its write to talk more about securing Oracle in particular and securing data in general. We are for sure in an era of a heightened need to secure data.