January 25, 2006 at 6:50 pm
"From day one we were in a multiuser environment," Heimann said. "We had to worry about authenticating users, controlling what users could see, from a very early stage in our product."
That's from the director of security management at Oracle, John Heimann. I saw that quote from yesterday's eWeek article right after I had snagged this one from today: Oracle Advises Users: Patch Critical Hole—Now, an article about a critical flaw in most Oracle versions and allows users to bypass authentication and become superusers. I guess the editorial timing on those two couldn't be better for Microsoft 🙂
I wrote a long editorial in the January issue of the SQL Server Standard about this very topic. With Oracle touting their "unbreakable" code, it seemed to me that the marketing hype was far beyond the reality. Especially with everyone taking shots at Microsoft's security.
Writing secure and bug free code is hard. There's been an interesting debate from an older editorial on bug free code. I don't think it's easy, or even realistic for projects of any size, but I do agree that most commercial code is released too early.
And it's not just Microsoft.
So many products are released with lots of bugs and vendors are slow to fix them. I think Microsoft has been doing a better job, but they can get better. And apparently, so can Oracle. At least according to David Litchfield. There's one more quote from the first article that I just love:
"This comes after a history of patches that haven't installed correctly, patches to patch patches, and then patches to patch the patches that were released to patch patches."
Steve Jones
January 26, 2006 at 6:52 am
And it's not just Microsoft.
So many products are released with lots of bugs and vendors are slow to fix them.
But I think Microsoft started it, and now that they have, what choice do other vendors have but to follow that lead? Consumers have gotten used to it, and figure that software 'just has to be that way'. Even if they don't buy that explanation for any other product.
Look at Apple. How has selling a stable, reliable PC improved their market share?
January 26, 2006 at 7:04 am
I agree, a lot of software is rushed to production. Everyone trying to make a dollar or be the first to market. But Microsoft did not start it. Ever since the first computer until today, there have been patches, upgrades, updates. Large companies and government have managed this for a long time, see configuration management, change control. It seems since everyone and his brother has a computer that there is an issue of handling changes. Maybe there should be a license for a computer and an operator license for the user!
January 26, 2006 at 7:32 am
The securist computer is one not connected to a network and behind a locked door.
But boss, why must the urgent always take precedence over the important?
January 26, 2006 at 7:39 am
Is it a coincidence that this kind of standards slippage occurred after Oracle started doing its development exclusively in India? I think not!
January 26, 2006 at 7:59 am
"This comes after a history of patches that haven't installed correctly, patches to patch patches, and then patches to patch the patches that were released to patch patches."
Why do I immediately think of the intro to Monty Python's The Holy Grail...
"We apologise again for the fault in the subtitles. Those responsible for sacking the people who have just been sacked, have been sacked".
TNS
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply