Analyst organisation Giga Information Group has cast doubt over
Oracle's claims that its software is unbreakable.

At last week's AppsWorld conference in Amsterdam, Oracle chairman
Larry Ellison claimed his company's software has never been hacked
and blasted Microsoft for the security problems its products have
faced recently.

But in a GigaFlash advisory note, analyst Michael Rasmussen shot
down the claims, pointing out that since Oracle first announced its
"unbreakable" software campaign in September, three major flaws
have been uncovered in its products.

He said that hackers took the company's security stance as a
challenge. As a result, Rasmussen said, the Oracle Application
Server software was found to contain a PL/SQL Apache Module
buffer-overflow vulnerability, a PL/SQL Apache Module
directory-traversal vulnerability and a path-revealing
vulnerability.

Microsoft, the target of many hacking attacks, also affirmed
security as a number one priority. In a recent interview, chief
executive officer Steve Ballmer noted that all software contained
security holes. "We are committed to responding quickly and openly
when vulnerabilities are discovered," he said.

But in many ways, security is a cat-and-mouse game between the
hacker and the software supplier. Giga's Rasmussen advised users to
"buy the product that best meets business needs (security being one
of them) and be vigilant." He also warned suppliers who consider
claiming their software is secure to think again.