Giga slams Oracle security claims


Cliff Saran
Analyst organisation Giga Information Group has cast doubt over Oracle's claims that its software is unbreakable.

At last week's AppsWorld conference in Amsterdam, Oracle chairman Larry Ellison claimed his company's software has never been hacked and blasted Microsoft for the security problems its products have faced recently.

But in a GigaFlash advisory note, analyst Michael Rasmussen shot down the claims, pointing out that since Oracle first announced its "unbreakable" software campaign in September, three major flaws have been uncovered in its products.

He said that hackers took the company's security stance as a challenge. As a result, Rasmussen said, the Oracle Application Server software contained a PL/SQL Apache Module buffer-overflow vulnerability, a PL/SQL Apache Module directory-traversal vulnerability and a path-revealing vulnerability.

Microsoft, the target of many hacking attacks, also affirmed security as a number one priority. In a recent interview, chief executive officer Steve Ballmer noted that all software contained security holes. "We are committed to responding quickly and openly when vulnerabilities are discovered," he said.

But in many ways, security is a cat-and-mouse game between the hacker and the software supplier. Giga's Rasmussen advised users to "buy the product that best meets business needs (security being one of them) and be vigilant." He also warned suppliers who consider claiming their software is secure to think again.
