RE: How best to get Oracle to divulge "proprietary information"

  • From: "Mark W. Farnham" <mwf@xxxxxxxx>
  • To: <tim@xxxxxxxxx>, "'Oracle'" <oracle-l@xxxxxxxxxxxxx>
  • Date: Tue, 3 Oct 2006 12:42:58 -0400

As usual, Tim hit the nail on the head.

One thing to add: Not too many years ago it was pointed out to Oracle by two
user group boards working in concert that bugs expressed implied a hole in
the regression test suite. So whether it was the e-Business suite's Vision
database, the database's EMP database, or augmented, not necessarily user
friendly, testing databases specifically built for their own regression test
suites, it would likely be a good investment to sanitize prior bug test
data, recast them in a regression suite, and thereby win twice: Previous
bugs automatically tested in future releases AND universally viewable
example cases. Two executives at Oracle at a level where you could count on
one hand who they had to say yes sir to and a handful of technologically
hands on people well positioned in Apps, kernel, and support were on board
with that. Likely the exit of the two executives in question deflated the
initiative. I'm almost certain the investment would beat their internal rate
of return, but the financial evaluation has far too much spread in the input
values to really get an answer. Still, maybe the lurkers will remind well
positioned folks of that notion. It would certainly fit with Larry's notion
of using technology to make customers happy and thereby increase Oracle's
value and position. If the sum of the savings of avoided patch releases and
support cases is even close (or less) than the cost of quickly augmenting
the regression suites, then everyone wins. WELL, everyone but Microsoft...

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Tim Gorman
Sent: Tuesday, October 03, 2006 11:48 AM
To: Oracle
Subject: Re: How best to get Oracle to divulge "proprietary information"

The problem is customer privacy.  There are customer company names, 
people names, phone numbers, email addresses (i.e. contact info) as well 
as details about what the customer is trying to do in those bug texts.

Of course, there is plenty of text that is "hidden" from view without 
that justification.  But, when there is legal liability involving 
privacy and the competitive advantage of customers, one naturally tends 
to paint with a broad brush, just in case.  I'm sure that the rule 
within Oracle is "if in doubt, hide the text".

I'm sure that Oracle Legal goes ape on a regular basis on having *any* 
bug text exposed on MetaLink.  They don't give a darn about the 
advantages to customers trying to diagnose problems -- they are 
concerned only with the liabilities involved and the resulting potential 
financial exposure, and that exposure is considerable.  Think about it.

I've worked for companies that host systems for bitter competitors in 
the same industry -- these competitors actually stipulated in their 
hosting contracts that their data would not reside on the same storage 
devices as their competitors.  Of course, they would not share the same 
servers.  They even mandated that they would not share network or 
network components.  Can you imagine how these people would react if 
they found their competitor reading one of their bug texts, with some 
bit of identifying information exposed?  "Ballistic" doesn't begin to 
illustrate what would happen...

For that matter, think of the existing exposure the bug texts in 
MetaLink could represent for medical companies in the US covered by the 
HIPAA regulations.  I hate to say it, but Oracle could already very well 
be in violation of federal law on that.  It's bad enough I just said 
that on an open forum, and it is purely hypothetical and speculative, 
but what if it is true?

Think about that, and just be grateful that *any* of the bug texts are 
exposed.  Personally, I work each day with the expectation that they 
will disappear altogether.

Nuno Souto wrote:
> Charles Schultz wrote,on my timestamp of 3/10/2006 11:58 PM:
>> Or am I barking up the wrong tree?
> I think to a certain extent you are.  Feature-wise,
> I don't expect to ever see Oracle disclose the details
> of how they do the new fast sorting in 10g, for example.
> Or RAC cache.  Or a number of many other "competitive
> advantages".  They are not under the GNU license,
> so that's fair.
> However, I do object very strongly to not being able to
> check all bugs and their text in Metalink or even be
> able to see a short description of them.  After all I'm
> paying for Metalink access as a service that is supposed,
> among other things, to help me find solutions to problems
> I might be experiencing or expect to encounter.
> Or at least a note on if it is a known problem or a new
> one.  It used to be that way.  But it appears Oracle
> have lapsed back into "we're the only ones who can see
> the bugs" mode, in recent years.  And that's as annoying
> as can be!  Certainly not worth my moolah...

Tim Gorman
consultant - Evergreen Database Technologies, Inc.

website =
email   = tim@xxxxxxxxx
mobile  = +1-303-885-4526
fax     = +1-303-484-3608



Other related posts: