WebApp Sec mailing list archives
Re: [WEB SECURITY] Re: Oracle in war of words with security researcher
From: tlmacgi () regence com
Date: Fri, 27 Jan 2006 15:35:13 -0800
Hot off the presses about Oracle:

--Gartner Says Oracle is "No Longer ... a Bastion of Security"
(24 January 2006)

Gartner has published an advisory on its web site warning administrators that they need to be "more aggressive" in securing Oracle applications because the company is not providing their customers with adequate help. Gartner analyst Rich Mogull wrote that "Oracle can no longer be considered a bastion of security" and that "the range and seriousness of the vulnerabilities patches in this update cause us great concern." Gartner is also critical of Oracle for providing less information about fixes than the industry standard, for releasing faulty or difficult-to-use patches and for the fact that Oracle does not provide workarounds for vulnerabilities. Gartner recommends that administrators protect their systems with firewalls and intrusion prevention systems and use security monitoring tools. In addition, patching is sometimes not possible because legacy versions are unsupported.

http://www.zdnet.com.au/news/software/print.htm?TYPE=story&AT=39234277-2000061733t-10000002c
http://www.computerworld.com/printthis/2006/0,4814,108038,00.html

_____________________________________
Teri MacGill, CPA, CISSP, CIA, CISM
The Regence Group
Security Staff Consultant/Security Specialist
(503)225 - 6023