At last week's AppsWorld conference in Amsterdam, Oracle chairman Larry Ellison claimed his company's software has never been hacked and blasted Microsoft for the security problems its products have faced recently.
But in a GigaFlash advisory note, analyst Michael Rasmussen shot down the claims, pointing out that since Oracle first announced its "unbreakable" software campaign in September, three major flaws have been uncovered in its products.
He said that hackers took the company's security stance as a challenge. As a result, Rasmussen said, the Oracle Application Server software had a PL/SQL Apache Module buffer-overflow vulnerability, a PL/SQL Apache Module directory-traversal vulnerability and a path-revealing vulnerability.
Microsoft, the target of many hacking attacks, also affirmed security as a number one priority. In a recent interview, chief executive officer Steve Ballmer noted that all software contained security holes. "We are committed to responding quickly and openly when vulnerabilities are discovered," he said.
But in many ways, security is a cat-and-mouse game between the hacker and the software supplier. Giga's Rasmussen advised users to "buy the product that best meets business needs (security being one of them) and be vigilant." He also warned suppliers who consider claiming their software is secure to think again.