Secure by Default

By eWEEK  |  Posted 2006-01-12

But Oracle now has a Secure by Default initiative going on. How's it going?

We have an initiative (to) do this across the product stack. Wouldn't it be nice if we could lock down the database and make sure other products will accept that and not break? It's amazingly hard to do, when you've got five product stacks, (and so many) platforms.

I feel so strongly about this I keep lobbying the federal government to make it a procurement practice. A Secure by Default program.

So you're saying the industry is shipping junky products now and has to be regulated to get it to snap out of it?

Analysts are in a good position, and press too, to start answering questions like, "What is my cost of ownership going to be for this product? Will the patching costs be terrible? The previous version had lots of worms." You want to know what you're getting and what it will cost you. (Companies) can also use their purchasing decisions to push (their) vendors.

Aren't they doing that already?

I don't think customers are as knowledgeable. They're not coming in and saying, "Hey, give me crappy products." I think they don't know what to ask. I want empowered customers who know how to push their (vendors).

Can you actually comply with a Secure by Default mandate on the part of government procurement practices?

When I talk to development, I say I'm pushing government to do things that we can't comply with right now. I said, "Please don't wait to do things under duress. Let's get ahead of that curve." It's just good, it's one way to improve the industry. We collectively need to improve. What if civil engineers built bridges the way vendors built software? It's there, it's safe. You don't worry when you walk into (a restaurant) that it will fall down. We're used to physical structures being safe. (With software, we're) used to things being down and broken. Software is like the Wild West. Anybody can write code, and if they do a bad job, well, that's fine. It's time to grow up and make software as reliable as physical infrastructure, because it is physical infrastructure. It means universities changing what they do, and companies hiring people who write good code and not sexy code, and maybe licensing.

You want to be a leader here.

It's not enough to be good. We need to foster (improvement in the industry). I'm not proprietary about doing good, secure coding. We'd rather compete on feature/function, rather than who has an uglier baby.