I can tell you from Xerox's standpoint that we are taking security very seriously. We have both the internal and external audits done on quarterly basis and various reports are looked at by the auditors to make sure that we are not violating any security policy. So far we are relying on database auditing and the 11i application auditing and reports are generated from these tools and presented to the auditors. We are not using any external tool so far. Amir ________________________________ From: akolk@xxxxxxxxxxx [mailto:akolk@xxxxxxxxxxx] On Behalf Of Anjo Kolk Sent: Tuesday, August 15, 2006 9:30 AM To: Hameed, Amir Cc: oracle-l Subject: Re: Back and a Question Hi Amir, I have actually left Symantec/Veritas/Precise etc. I have been asked by a company to look into this and what I notice is a lot of talk about security but not a lot of action. Just wanted to make sure that other folks see it the same way. Anjo. On 8/15/06, Hameed, Amir <Amir.Hameed@xxxxxxxxx> wrote: Are you planning on adding a feature/module to Precise and looking for feedback from users? ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto: oracle-l-bounce@xxxxxxxxxxxxx <mailto:oracle-l-bounce@xxxxxxxxxxxxx> ] On Behalf Of Anjo Kolk Sent: Tuesday, August 15, 2006 9:10 AM To: ryan_gaffuri@xxxxxxxxxxx Cc: oracle-l Subject: Re: Back and a Question http://www.Lumigent.com <http://www.lumigent.com/> http://www.appsecinc.com <http://www.appsecinc.com/> http://www.insight-tec.com/en/ These are a few (and if other people know more let me know) companies that do DB security in one way or another. Sure there are people that can do a scan of the environment, but isn't that an one time action and shouldn't people be more involved with security on an ongoing basis? Anjo. On 8/15/06, ryan_gaffuri@xxxxxxxxxxx < ryan_gaffuri@xxxxxxxxxxx> wrote: what products check for DB security? I believe there is a whole security IT sector with people who come into companies and look for holes in their software. Is that the same thing? -------------- Original message -------------- From: "Anjo Kolk" < anjo.kolk@xxxxxxxxxxx <mailto:anjo.kolk@xxxxxxxxxxx> > So I made it back on the list, I have a question for you all about DB security. There seems to be a lot of talk about DB security, but not a lot of action. Is that true, and if it is true why don't customers act? There are products out there to check for DB security, how are they doing? Does any body on this list use them? Please share your thoughts and comments, -- Anjo Kolk Owner and Founder OraPerf Projects tel: +31-577-712000 mob: +31-6-55340888 -- Anjo Kolk Owner and Founder OraPerf Projects tel: +31-577-712000 mob: +31-6-55340888 -- Anjo Kolk Owner and Founder OraPerf Projects tel: +31-577-712000 mob: +31-6-55340888