ORACLE HAS SWIFTLY moved to distance itself from the rambling ravings of its chief security officer (CSO), who took to the Oracle blog on Sunday to rant about everything from the annoyance of interfering customers to the pointlessness of bug bounties.
Edward Screven, the firm's executive VP and chief corporate architect, sent out a statement late Monday letting the world know that Oracle and its CSO have very differing views on these topics, hence why the blog post was taken down a day after publishing.
"The security of our products and services has always been critically important to Oracle," he noted.
"Oracle has a robust programme of product security assurance and works with third-party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers."
Screven's statement was in reponse to a blog posted by Oracle CSO Mary Ann Davidson, in which she pretty much told the rest of the industry to back off, shove off and let her and her team do their damn job.
Davidson is still listed as CSO on the Oracle Executives web page, and Oracle declined to confirm that she indeed still holds this position.
The currently infamous Davidson issued the warning in a blog post under the title No, You Really Can't, telling researchers that working on Oracle stuff is against Oracle's wishes and will land them in trouble.
Here we will point out that a lot of firms, including Microsoft, actually pay people for bringing such problems its way. We can also remind readers that Oracle has always barked loudly about its security efforts (see the dog vs cake video below).
The blog is a doozy and has everyone up in arms. ‘Is it a spoof?' was the early cry, but that has since been replaced by ‘Where is the blog?'.
We asked this when we started to see all the duff links being shared around. Following the original link took us through to a 404 page and a note that we have somehow found ourselves lost in the Oracle blog matrix. The fact is we have not. Oracle has removed it.
This is the internet, though, and the internet never forgets. It took seconds to find a cached version and remind ourselves of the post we read just hours before.
Here is the start, which seems reasonable enough. "I have been doing a lot of writing recently. Some of my writing has been with my sister, with whom I write murder mysteries using the nom de plume Maddi Davidson," wrote Davidson.
"Recently, we've been working on short stories, developing a lot of fun new ideas for dispatching people (literarily speaking, though I think about practical applications occasionally when someone tailgates me)."
From here on things get a bit ballsy, as Davidson (pictured below) expresses her boredom at the business of dealing with third-party nags with problems about Oracle and tells them to button it.
"Writing mysteries is a lot more fun than the other type of writing I've been doing. Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities [insert big sigh here]," she added.
"This is why I've been writing a lot of letters to customers that start with 'hi, howzit, aloha' but end with ‘Please comply with your licence agreement and stop reverse engineering our code, already.'"
Fair enough. If that is Oracle policy it is Oracle policy. There cannot be anything controversial to see there.
Davidson said that ‘don't no-one have the time for that' (we have paraphrased) and that she would rather that her and her team do their work and not be dragged into arguments over licence agreements.
"Please do not waste our time reporting little green men in our code," she wrote. "I am not running away from our responsibilities to customers, merely trying to avoid a painful, annoying and mutually time wasting exercise."
Some time is spent on the theme that companies should get their own security houses in order before ringing on Oracle's bell, and there is the suggestion that bug bounties are like boy bands and that visitors to Davidson might literally judge her collection of books by their covers.
We can't confirm rumours that Davidson's next book will be a cat and mouse thriller with a high-powered female executive hunting down the 70-year-old CEO of a large global corporation to exact her revenge. µ
A surprisingly busy week in a quiet month
Measures just 15.75mm at its thickest point
Firm expects GPU sales to start drying up