Shostack + Friends Blog Archive


Security & Orientation

36-views.jpgWhen Larry Ellison said “We have the security problem solved,” a lot of jaws dropped. A lot of people disagree strongly with that claim. (Ed Moyle has some good articles: “Oracle’s Hubris: Punishment is Coming,” “Oracle to World: ‘Security Mission Accomplished…’“) That level of dripping sarcasm is fairly widespread amongst the security experts I talk to, based on their technical evaluations of Oracle’s promises and delivery.

Dave Litchfield actually explained it to me. Let me say that again, because I’ve been told that David Litchfield isn’t liked in certain neighborhoods of Redwood Shores. I can’t understand why. David explained that Oracle is using “security” in a specific way, which is to say that they have certifications and processes that their customers care about. That Oracle is speaking to their customers at the executive level, not the security or technology level. The way they use security is just as correct as the way in which I use security, and means quite different things. [Updated for clarity.]

I should have seen this sooner. I’ve spoken extensively about how privacy has many meanings, and the same is true of security. I regularly discuss Boyd’s concept of orientation, and even have a category for it.

The picture? Suruga Bay, from Hiroshige’s 36 Views of Mt. Fuji.

2 comments on "Security & Orientation"

  • Jason Axley says:

    I pointed this out as humorous on my blog
    It seems that Oracle just can’t stop making outrageous hyperbolic claims about how great they are at security. My guess is the chickens are coming home to roost soon.
    I didn’t realize until I read the linked postings that their hubris is even worse than I thought. Ugh. Thanks for the additional info.

  • Alex Hutton says:

    Reminds me of ISS marketing with Chris Klaus on the front proclaiming that Proventia “is the silver bullet”?
    Or this one
    Or the naivete’ of certain elements of the mac faithful…

Comments are closed.