Oracle has responded to the charges from Gartner and others that it is the new security whipping-boy by sending out the message that "it's totally handled". This time it's Hasan Rizvi, VP of security products, who's sending the message:
"Our customers are so used to high security that when there is a vulnerability they don't apply the fix because they are not used to it, which is an interesting position to be in. People have to apply them and we can't do too much about that."
So Oracle's position is that they are so secure that people are confused about the need to apply patches. So, in the unlikely event that they do need to patch, the customers don't know they need to apply it. No seriously, that's the message...
"I think some of the problems are, ironically, because of our strong track record and [customers] don't take some of the processes [sic] to fix them seriously."
So, to paraphrase: "Oracle's security is the best in the industry, and our customers (recognizing our prowess) keep dropping the ball because we're so damn good." Is it just me or does anyone else find this message to be somewhat "out of touch"?