20070904 oracle 11g insecure due to stupid developer mistakes - plembo/onemoretech GitHub Wiki

title: Oracle 11g Insecure due to "Stupid" Developer Mistakes
link: https://onemoretech.wordpress.com/2007/09/04/oracle-11g-insecure-due-to-stupid-developer-mistakes/
author: lembobro
description:
post_id: 645
created: 2007/09/04 15:37:00
created_gmt: 2007/09/04 15:37:00
comment_status: open
post_name: oracle-11g-insecure-due-to-stupid-developer-mistakes
status: publish
post_type: post

Oracle 11g Insecure due to "Stupid" Developer Mistakes

Oops. I mean, “stupid mistakes made by developers”.

Here’s the scoop from that leader in corporate IT communications, ComputerWorld:

Expert finds ’stupid’ vulnerabilities in Oracle 11g

Most of the above article lays out what the quoted db security expert says are “stupid” vulnerabilities in Oracle’s latest database product that result from mistakes by its developers. While calling on the one hand for Oracle to better educate its developers to avoid these kinds of mistakes, he also goes on to say that there are some vulnerabilities that are related to Oracle’s underlying architecture. What’s striking here is that nowhere in the article do we get any idea of just what those architectural deficiencies are. Pretty amazing failure to report some really important (maybe critical) facts for what’s supposed to be a technology savvy computer trade publication. Is it that the reporter was too stupid or too lazy to ask the right questions (and comprehend the answers), or just a case of an overzealous editor cutting real news to get an additional column inch for advertising?

The more interesting part of the article comes at the end though, where the horrific costs of patching are described. Of course the reporter doesn’t mention that these costs exist for almost every software product, including operating systems. The little aside about how much work this involves on the vendor side is a nice touch, leading me (not the reporter, apparently, unless this question was also cut by the editor) to ask: “How many problems go unresolved because of the cost that resolving them would represent to [insert name of vendor here]?”

Hey Larry, how’s that offshoring of all your development work turning out anyway?

Copyright 2004-2019 Phil Lembo