Aaron Newman, founder of Application Security Inc., in an interview on Oracle's patching policies:

You really need to refocus efforts away from new security features and onto how we fix these holes that have been around for years and years and port them to Oracle 8i or Oracle 9i or some of the other platforms that aren’t as critical. That’s what their problem is: They can patch problems quickly on 10g on Linux, but they take very, very long to back port that to Oracle 8i on the AIX platform and things like that. You have to support those people and that’s really the most critical thing I think they really need to address, rather than figuring out how to do a better auditing system.

The large number of platforms and versions is certainly a major factor in the response time to bugs. But reducing the security problem solely to security bugs, as Newman does, is unfortunately far too simplistic. Auditing and Enterprise User Security or identity management are equally important pillars of a well-thought-out security strategy.
I am slowly beginning to understand Oracle's security colleagues, who do have some problems with certain of the Oracle hackers.
