RE: Oracle Security Blasted
- From: "Gogala, Mladen" <MGogala@xxxxxxxxxxxxxxxxxxxx>
- To: "'niall.litchfield@xxxxxxxxx'" <niall.litchfield@xxxxxxxxx>, stellr@xxxxxxxxxx
- Date: Mon, 10 Oct 2005 10:51:08 -0400
Comments inline.
--
Mladen Gogala
Ext. 121
_____
From: Niall Litchfield [mailto:niall.litchfield@xxxxxxxxx]
Sent: Friday, October 07, 2005 3:57 PM
To: stellr@xxxxxxxxxx
Cc: oracle-l
Subject: Re: Oracle Security Blasted
I really had better caveat this by saying that although I live in the UK and
have a similar name, I have no connection to David Litchfield (at least none
I am aware of - it seems likely that we are at least distantly related).
[Mladen Gogala]
The comments from David Litcfield are very valid, if somewhat humorous. The
one that I have in mind is:
"Push your vendor to tell you how they build their software and
ask them if they train people on secure coding practices. "
With aforementioned outsourcing to Elbonia (a swampy country populated by
small, bearded
men wearing coned hats, resembling recent pictures from New Orleans) such a
comment is a
joke. What do you think they outsourced for? They outsourced to save money.
They are not
going to train them, that would cut into the bottom line.
Other related posts:
