Oracle has (probably wisely) been keeping their head down the past few months, so imagine my excitement when I saw that IDG put out this article where Oracle discusses their approach to software security. And there's some choice stuff in there - the article starts with Mary Ann Davidson commenting on the "unbreakable" campaign. Talking about her reaction when she first heard it, she said "my response was 'What idiot dreamed this up?'" What idiot, indeed. I'm not going to fault her for this criticism, since I happen to share her opinion. However, a stickler could make the point that she saw things as a little less black-and-white back in the day:
"We believe the market effect of the 'Unbreakable' campaign raises the security bar and therefore improves security overall, both in forcing us to live up to the statement, and forcing others in the industry to begin to do the same. If our security today is imperfect but better than the competition, and if customers make a buying decision based on that criteria, then in the long term you will see all products in the market improve."
Oh well, not that it matters now. The article then moves on to discuss internal Oracle development security efforts. Given Oracle's track record in security, I'm surprised that they're running with this message. For example:
Davidson said the record for fixing one defect was 78 patches, which cost the company around $1 million.
If this were you, would you broadcast having to issue 78 patches to fix one bug? Yeah, I probably wouldn't either. As to whether or not they are getting better, I think it's too early to tell. However, I guess we'll find out in time...