A lot of overseas companies, though, are also going through Sarbanes-Oxley compliance exercises, in case they want to accept investment from or merge with a US company. That's the sort of thing that can really screw up/delay an M&A event, depending on the auditors of the US company. In fact, many startups are even going through the effort of making sure they are at least well positioned to pass a Sarbanes-Oxley audit in case they are acquired by a US public company. Matt ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of John Hallas Sent: Wednesday, January 16, 2008 9:59 AM To: andrew.kerber@xxxxxxxxx; bdbafh@xxxxxxxxx Cc: Chris.Taylor@xxxxxxxxxxxxxxx; oracle-l Subject: RE: OT: Oracle Critical Patch Article Sarbanes-Oxley applies to all publicly held American or quoted in America companies. Not to say that it should be ignored but it is not mandatory for everyone on this list ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Andrew Kerber Sent: 15 January 2008 17:51 To: bdbafh@xxxxxxxxx Cc: Chris.Taylor@xxxxxxxxxxxxxxx; oracle-l Subject: Re: OT: Oracle Critical Patch Article >>Would a dba be concerned about remote vulnerabilities for databases that support only connections from application servers that are secured? Probably not. I hope DBA's aren't using that argument. Sarbanes-Oxley applies to all publicly held companies. And the rules are just as concerned with internal security as external security. There very few oracle databases that you cannot connect to at all via sqlnet. ________________________________ The information included in this email and any files transmitted with it may contain information that is confidential and it must not be used by, or its contents or attachments copied or disclosed, to persons other than the intended addressee. If you have received this email in error, please notify BJSS. In the absence of written agreement to the contrary BJSS' relevant standard terms of contract for any work to be undertaken will apply. Please carry out virus or such other checks as you consider appropriate in respect of this email. BJSS do not accept responsibility for any adverse effect upon your system or data in relation to this email or any files transmitted with it. BJSS Limited, a company registered in England and Wales (Company Number 2777575), VAT Registration Number 613295452, Registered Office Address, First Floor, Coronet House, Queen Street, Leeds, LS1 2TW