Open Source and information security mailing list archives
 
Message-ID: <4346B29F.6080904@linuxbox.org>
Date: Fri, 07 Oct 2005 19:38:39 +0200
From: Gadi Evron <ge@...uxbox.org>
To: David Litchfield <davidl@...software.com>
Cc: bugtraq@...urityfocus.com, ntbugtraq@...tserv.ntbugtraq.com
Subject: Re: Opinion: Complete failure of Oracle security response and utter
 neglect of their responsibility to their customers


Not that I disagree with your sentiment or what you are saying, we all 
know about the lacking security practices, secure development practices 
and decent security response by *many* vendors.

Some of these vendors are critical to the infrastructure far more than Oracle.

With all due respect to your wishes and intent, a research on different 
vendors, showing what vendor responds to threats, after how long and how 
effectively plus how many security issues appear with each would have 
made sense to me. Showing the Good and thus flushing the Bad without 
dissing anyone. Pure facts.
Attacking one vendor may make sense in some cases.. yes, again, 
attacking one vendor in public in *this* *fashion* may be long overdue, 
but it also seems to me to be rather.. in poor taste? Especially coming 
out of the blue with no past public statements.

I sympathize with your concerns and I am known to be FAR from a person 
who doesn't voice his opinions - and loudly, but it only makes me wonder 
why now, why them and why here.

Now, I am not an Oracle advocate - far from it, but your subject line 
says it all, and makes me look down on your post automatically, which is 
a shame:
"Complete failure of Oracle security response and utter neglect of their 
responsibility to their customers"

Complete? Failure? Utter neglect? You better have some liability 
coverage. Adding "opinion" there might not be good enough, right or wrong.

Thanks for your time,

	Gadi Evron.

-- 
My blog: http://blogs.securiteam.com/?author=6

"The third principle of sentient life is the capacity for self-sacrifice 
--- the conscious ability to override evolution and self-preservation 
for a cause, a friend, a loved one."
	-- Draal, "A Voice in the Wilderness", Babylon 5.

