Oracle CSO Opens Mouth, Inserts Foot

As reported by, Oracle CSO Mary Ann Davidson got near a microphone and begin pontificating on the state of security.
First she blamed the “culture of patching” that software people need to think in terms of safety security and reliability instead. The commenters at reacted the same way I did. Perhaps she needs to start in her own house first. Critical Oracle vulnerabilities seem to be routine. Yet the communication about the contents of the patches is spotty.
Next she pulled out security analogy comparing bridge building with software security. I’ve written before specifically about the bridge analogy here and again just last week here.
Next Davidson gives away her political affiliation by advocating government regulation. Cause its worked so well in other areas. Sigh. Innovation dies with regulation. Costs skyrocket. Look at what HIPPA, SOX, GLB, and FISMA have done. Better security through paperwork.