Via Matt Blaze:
My first assumption after reading this was that Oracle's web server was hacked and this article is a parody. https://t.co/ODpT4L76TE
— matt blaze (@mattblaze) August 11, 2015
Oracle’s Mary Ann Davidson wrote an astoundingly foolish and arrogant post on why customers are wrong to find and report vulnerabilities in Oracle. It’s so bad, in fact, that it’s since been taken down (the link above is to the Internet Archive).
The post cries out for a good Fisking but no analysis could do it justice. You should really read it for yourself. The arrogant tone and lack of respect for their customers should give any Oracle user pause.
I don’t understand Oracle’s obsession with reverse engineering. We’re talking about well-understood technology; there really aren’t any secrets. I’m not a database guy so I’m interested in why enterprises continue to use Oracle. Are there any reasons—other than the usual stupid ones—to prefer Oracle to, say, PostgreSQL?
Blaze has a follow-up tweet on why all this matters:
Oracle's crazy don't-look-don't-tell policy on vulnerabilities is fun to mock, but also a serious threat to our community.
— matt blaze (@mattblaze) August 11, 2015