According to initial assessments by analysts, damage from the SQL Slammer worm could reach between $750 million and $1 billion USD.
The frequency and effectiveness of such attacks underscore the increasing need for vigilance by software vendors and their customers. Vendors must be vigilant in preventing common programming errors from opening up huge vulnerabilities in their software, and customers must be vigilant in procuring software that is built securely from inception and in deploying it securely. There is no 'security product' that can protect against a vendor's failure to build their products securely, just as it is impossible to put a lock on a cheap plywood door and expect it to keep out intruders, who will merely kick a hole in the door and bypass the lock entirely.
The stakes have never been higher for information security, and especially information assurance, the degree of confidence that customers can have in the security claims of a vendor. The industry standard is ISO-15408, under which licensed third parties independently evaluate the security claims of products. During most of the last decade, the fallback position has been that more customers did not require independent security evaluations because not enough vendors did them, and not enough vendors did them because customers did not demand them.
Oracle's commitment to building Unbreakable software builds upon the strength of some 25 years of building systems for the most security-conscious customers in the world - including the intelligence community and the US Department of Defense - and the assurance afforded by 15 independent security evaluations. As we run our own company on Oracle software, we have a vested interest in delivering Unbreakable software for every product we build.
We laud the vendors who subscribe to 'built in, not bolted on' security as validated by independent evaluations and we urge all other vendors to do so. Information assurance is too important an issue to be the purview of only the few and committed. The security of cyberspace in part rests on every vendor taking the Unbreakable pledge - to build products secure from inception, to ship products secure on delivery, and to complete security evaluations as proof of a product's security-worthiness.
'Trust us, we are secure' is not good enough anymore.
Mary Ann Davidson
Chief Security Officer
Oracle Corporation
E-Business security - it's time to take software security seriously
The SQL Slammer (aka 'Sapphire') worm may or may not prove to be as costly as the Code Red or LoveLetter viruses, but it was surprisingly swift and remarkably nimble.
Oracle Middle East, Sunday, February 16 - 2003 at 09:58 UAE local time (GMT+4)
Replication or redistribution in whole or in part is expressly prohibited without the prior written consent of AME Info FZ LLC / Emap Limited.
This Article was updated on Saturday, May 26 - 2007
Disclaimer:
The information comprised in this section is not, nor is it held out to be, a solicitation of any person to take any form of investment decision. The content of the AME Info Web site does not constitute advice or a recommendation by AME Info FZ LLC / Emap Limited and should not be relied upon in making (or refraining from making) any decision relating to investments or any other matter. You should consult your own independent financial adviser and obtain professional advice before exercising any investment decisions or choices based on information featured in this AME Info Web site.
AME Info FZ LLC / Emap Limited can not be held liable or responsible in any way for any opinions, suggestions, recommendations or comments made by any of the contributors to the various columns on the AME Info Web site nor do opinions of contributors necessarily reflect those of AME Info FZ LLC / Emap Limited.
In no event shall AME Info FZ LLC / Emap Limited be liable for any damages whatsoever, including, without limitation, direct, special, indirect, consequential, or incidental damages, or damages for lost profits, loss of revenue, or loss of use, arising out of or related to the AME Info Web site or the information contained in it, whether such damages arise in contract, negligence, tort, under statute, in equity, at law or otherwise.