Software should defend itself: Oracle CSO

By Munir Kotadia, ZDNet Australia
Monday, May 28, 2007 11:56 AM

Applications will have to defend themselves from attack in the future, according to Oracle's chief security officer Mary Ann Davidson.

At the opening keynote of the AusCERT 2007 conference last week, Davidson said applications should be more like US Marines.

"Every Marine fights--whether you are a clerk or a medic, every Marine is first and foremost a Marine, which means they know how to defend themselves. This is an ethos I really think we are going to need in this new world.

"Realistically, why do we need all these [security] products in the first place--because software can't defend itself," said Davidson.

Davidson also suggested that vendors should state the methods they have used to try and keep their code as bug free as possible.

"Maybe you can't prove that this product is free of defects but at least prove to me that you use these [tools] in its development. You are going to have to have some kind of proof that you paid attention in development--even to the level of training people and what kind of software lifecycle you have," said Davidson.

Poor understanding of security and sloppy coding practises can also play a part in creating vulnerabilities but "part of it needs to be that products know how to protect themselves, they know what to expect", she said.

Developers should create software for a specific purpose and not try account for every future possibility, according to Davisdon.

"Developers are very creative and often think about usages way in the future...but by allowing every possible future they are also allow a lot more attack vectors," she said.

Databases are the "Holy Grail" for hackers
Before introducing Davidson to the stage, the general manager of AusCERT Graham Ingram pointed out how important it was that database applications are not breached.

"The databases that you hold, with names, with addresses and in some cases with credit card details, are a very rich target for the people who want to obtain that information in their attacks.

"We cannot leave behind the thinking that the databases and the database applications are, in many cases, the Holy Grail for the attackers," said Ingram.


WORTHWHILE?

0

0 votes
Blog

Talkback 0 comments

There are currently no comments for this post.

Guest user

Guest user

Level: 
Joined: —
Already a member? Log in »



 

Loading...

News from Countries/Region

Tech Jobs Now!


Search for your ideal tech job:

Mainsoft: Opening options for Java, .NET developers

Java

Mainsoft provides tools for running .NET code on the Java platform.


Read more »


Tags

  1. against
  2. antivirus
  3. asia
  4. asian
  5. attacks
  6. by
  7. critical
  8. cyber
  9. data
  10. flaw
  11. flaws
  12. found
  13. global
  14. google
  15. malware
  16. microsoft
  17. online
  18. over
  19. security
  20. sites
  21. software
  22. symantec
  23. threats
  24. uk
  25. under
  26. update
  27. updates
  28. us
  29. warns
  30. web
 
Increase performance with eco-technology innovations
Simplify your infrastructure and unify management, while lowering power and cooling costs of your datacenter.
» Maximum flexibility with powerful blade technolgy
» Bring new services and applications online faster
» Lower energy use and cost
Oracle SOA Business Software Centre
Many companies are recognizing the need to adopt standards in their efforts to build service-oriented applications.
Secure the "Next-Gen SOA Infrastructure" & "Bringing SOA Value Patterns to Life" whitepapers here

» Visit the Power Center

Up close and personal with a merger

Blog thumbnail

What can you get for 13.9 billion buckaroos? For Hewlett-Packard, US$13.9 billion would allow you to buy your way into becoming the second biggest IT services company in the industry...... by Eileen Yu

Read more »


Industry Watch: Manufacturing for Retail

Learn how the right information puts manufacturers ahead of the competition.