lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 06 Oct 2005 21:17:49 +0200
From: Rainer Duffner <rainer@...ra-secure.de>
To: David Litchfield <davidl@...software.com>,
	bugtraq@...urityfocus.com
Subject: Re: Opinion: Complete failure of Oracle security response and utter
 neglect of their responsibility to their customers


David Litchfield wrote:

> Hey,
> I know you this wasn't your intent when you wrote it, but:
>
>> That means 70 000 000 € spend by Larry for the silly Yacht - you, 
>> David, could charge 100 000 per day and still deliver more value.
>
>
> I just want to make it clear that all I'm looking for from Oracle is, 
> not a job to review their code, but to treat security properly and 
> give their customers the respect they paid for.
> Cheers,
> David
>


I'm sorry if it sounded that way - I'm also not jealous of Mr. Ellison's 
riches (I've not directly contributed to them, mind you).
I just wanted to make the proportions visible ;-)
 From my view, there is no doubt that you alone have done a great deal 
of work to secure Oracle products - I assume with little financial 
reward from Oracle itself.
This enforces the popular view that (most) big corporations don't 
"value" something until it costs money - and if it costs a lot of money, 
it must be of big value...
Sounds like a Dilbert-esque PHB'ism, but that's the impression I get.

Unless a whistleblower (image of Larry keelhauling him comes up...) 
comes forward, only Ms. Davidson can shade some light on how exactly the 
QA- and patch-creation process works and why it can take literally years 
to put out a security-update (that turns out to be little less than a 
placebo) to a currently shipped product.





cheers,
Rainer

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ