Oracle CSO Orders Customers to Stop Reverse Engineering Code

Oracle CSO Orders Customers to Stop Reverse Engineering Code

Yesterday, Oracle’s chief security officer Mary Ann Davidson uploaded a scathing blog post titled “No, You Really Can’t.” Oracle soon took the offending blog down, but the Webcache version is still visible at the time of writing.

In the blog, which is really quite extraordinary, Davidson repeatedly lambasts customers who reverse engineer Oracle code in order to find security vulnerabilities. Here are a couple choice sections from the blog:

Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. This is why I?ve been writing a lot of letters to customers that start with ?hi, howzit, aloha? but end with ?please comply with your license agreement and stop reverse engineering our code, already.? . . .

If we determine as part of our analysis that scan results could only have come from reverse engineering (in at least one case, because the report said, cleverly enough, ?static analysis of Oracle XXXXXX?), we send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer?s behalf ? reminding them of the terms of the Oracle license agreement that preclude reverse engineering, So Please Stop It Already. . . .

Now is a good time to reiterate that I?m not beating people up over this merely because of the license agreement. More like, ?I do not need you to analyze the code since we already do that, it?s our job to do that, we are pretty good at it, we can ? unlike a third party or a tool ? actually analyze the code to determine what?s happening and at any rate most of these tools have a close to 100% false positive rate so please do not waste our time on reporting little green men in our code.? I am not running away from our responsibilities to customers, merely trying to avoid a painful, annoying, and mutually-time wasting exercise.

View article

Share the Post:
Heading photo, Metadata.

What is Metadata?

What is metadata? Well, It’s an odd concept to wrap your head around. Metadata is essentially the secondary layer of data that tracks details about the “regular” data. The regular

XDR solutions

The Benefits of Using XDR Solutions

Cybercriminals constantly adapt their strategies, developing newer, more powerful, and intelligent ways to attack your network. Since security professionals must innovate as well, more conventional endpoint detection solutions have evolved

AI is revolutionizing fraud detection

How AI is Revolutionizing Fraud Detection

Artificial intelligence – commonly known as AI – means a form of technology with multiple uses. As a result, it has become extremely valuable to a number of businesses across

AI innovation

Companies Leading AI Innovation in 2023

Artificial intelligence (AI) has been transforming industries and revolutionizing business operations. AI’s potential to enhance efficiency and productivity has become crucial to many businesses. As we move into 2023, several

data fivetran pricing

Fivetran Pricing Explained

One of the biggest trends of the 21st century is the massive surge in analytics. Analytics is the process of utilizing data to drive future decision-making. With so much of

kubernetes logging

Kubernetes Logging: What You Need to Know

Kubernetes from Google is one of the most popular open-source and free container management solutions made to make managing and deploying applications easier. It has a solid architecture that makes