Oracle recently was so bold as to declare "Oracle 9i Database: Unbreakable. Can't break it. Can't break in". The center of a huge post-9/11 marketing campaign in order to convey a "sense of certainty in an uncertain time". The security community was only so glad to embarrass them for making such a ridiculous claim. One individual found nine serious exploits in Oracle's software only weeks later.
- The Peon's Guide To Secure System Development, Michael Bacarella, Netgraft Corp
When Larry Ellison first made this claim, I thought it was absolutely brilliant. He knew damned well Oracle wasn't bulletproof, but he wasn't sure what vulnerabilities it had.
Solution? Boast about how secure your software is with the full knowledge that the world is full of hackers who love to try and break software. He knew they couldn't resist the temptation to try. You may as well have been asking a little kid not to eat a piece of candy in his pocket.
Result? Tons of free consulting that resulted in the exposure of security flaws that they could now fix. Hell, if they were lucky, some of the folks even sent a patch. I would have done the same thing Mr. Ellison did, although with the knowledge that you can't go to that well too many times.
Thanks for the free work....SUCKERS!
Re:however...
djberg96 on 2002-11-17T14:18:03
True, but my main point is that there are so many programmers/hackers out there who never saw through Mr. Ellison's stunt, and still don't (or won't).