Oracle eBusiness Suite has 'huge, massive, ginormous' pwn surface

Oracle has a 'huge, massive, ginormous' attack surface, according to one prolific and proven researcher who reckoned he gave up looking because there are too many vulns. The security tester (who requested anonymity because his presentation wasn't approved by his employer) for one of the biggest tech firms found 50 …

  1. mdr_reg

    Oracle produces bloated, buggy software...

    ... Then sticks head in sand and denies there's a problem.

    Shock, horror. In other news, water found to be wet, and bears do indeed relieve themselves in the woods.

    1. js1592

      Re: Oracle produces bloated, buggy software...

      There are not enough upvotes in the world for this.

    2. Anonymous Coward

      Re: Oracle produces bloated, buggy software...

      So true. I once tracked down an LDAP issue in a program to its use of the Oracle DB client - which, it turns out, included all of OpenLDAP and exported the symbols from it. So the program was binding to Oracle's OpenLDAP functions instead of the ones in the actual OpenLDAP library, with consequent mixed-runtime badness.

      There's no reason for a database client library to expose a whopping great unrelated API to its callers. That's just lazy - and dangerous.

      I think the Oracle developers believe attack surface is a feature. "Look, I've doubled the size of my attack surface!"

  2. Aodhhan

    Old news

    Everyone in InfoSec knows that each Oracle application you use on your network decreases your security posture immensely. We stopped using all Oracle products over a year ago and have gotten rid of any applications using Java. Makes patching much easier.

    Every application and OS will need patching, but when you take over 2 years to fix some items and use the general public at large to do your security testing (while charging them to use the product)... it just isn't worth the risk.
