Giga slams Oracle security claims


Giga slams Oracle security claims

Cliff Saran
Analyst organisation Giga Information Group has cast doubt over Oracle's claims that its software is unbreakable.

At last week's AppsWorld conference in Amsterdam Oracle chairman Larry Ellison claimed his company's software has never been hacked and blasted Microsoft for the security problems its products have faced recently.

But in a GigaFlash advisory note, analyst Michael Rasmussen shot down the claims, pointing out that since Oracle first announced its "unbreakable" software campaign in September, three major flaws have been uncovered in its products.

He said that hackers took the company's security stance as a challenge. As a result Rasmussen said that in the Oracle Application Server software there was a PL/SQL Apache Module buffer-overflow vulnerability, a PL/SQL Apache Module directory-traversal vulnerability and a path-revealing vulnerability.

Microsoft, the target of many hacking attacks, also affirmed security as a number one priority. In a recent interview chief executive officer Steve Ballmer noted that all software contained security holes. "We are committed to responding quickly and openly when vulnerabilities are discovered," he said.

But in many ways, security is a cat and mouse game between the hacker and the software supplier. Giga's Rasmussen advised users to "buy the product that best meets business needs (security being one of them) and be vigilant." He also warned suppliers who consider claiming their software is secure to think again.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

COMMENTS powered by Disqus  //  Commenting policy