[WEB SECURITY] Re: Oracle in war of words with security researcher

tlmacgi at regence.com tlmacgi at regence.com
Fri Jan 27 18:35:13 EST 2006 

Hot off the presses about Oracle:


 --Gartner Says Oracle is "No Longer ... a Bastion of Security"
(24 January 2006)
Gartner has published an advisory on its web site warning administrators
that they need to be "more aggressive" in securing Oracle applications
because the company is not providing their customers with adequate help.
Gartner analyst Rich Mogull wrote that "Oracle can no longer be
considered a bastion of security" and that "the range and seriousness
of the vulnerabilities patches in this update cause us great concern."
Gartner is also critical of Oracle for providing less information about
fixes than the industry standard, for releasing faulty or
difficult-to-use patches and for the fact that Oracle does not provide
workarounds for vulnerabilities.  Gartner recommends that administrators
protect their systems with firewalls and intrusion prevention systems
and use security monitoring tools.  In addition, patching is sometimes
not possible because legacy versions are unsupported.
http://www.zdnet.com.au/news/software/print.htm?TYPE=story&AT=39234277-2000061733t-10000002c

http://www.computerworld.com/printthis/2006/0,4814,108038,00.html
_____________________________________
Teri MacGill, CPA, CISSP, CIA, CISM
The Regence Group
Security Staff Consultant/Security Specialist
(503)225 - 6023

This email is meant for the use of the intended recipient only.  If you
have received this email in error, please discard.  Nothing in this email
is meant to be binding on the sender or The Regence Group unless
specifically stated.



==============================================================================
IMPORTANT NOTICE: This communication, including any attachment, contains information that may be confidential or privileged, and is intended solely for the entity or individual to whom it is addressed.  If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message is strictly prohibited.  Nothing in this email, including any attachment, is intended to be a legally binding signature.
==============================================================================


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/

More information about the websecurity mailing list