Oracle unshakeable on unbreakable promise

Talking to InformationWeek Australia at OracleWorld 2003 in San Francisco, Davidson said that after the campaign was launched Oracle detected a huge jump in port scans of Oracle's network from 2,000 a week to 30,000.

“When we launched the campaign, we were challenged by a number of countries who asked 'how could you say that?'. We were really flinging down the gauntlet.”

While she conceded that absolute security was not possible, Davidson said “unbreakable” was really about assurance, something that customers were looking for. It also raised the industry bar for developing software that can withstand harsh security evaluation.

Davidson said Oracle had a team of ethical hackers within the company that looked for security vulnerabilities on products that were under development. This team reports directly to her.

Davidson believed software vendors had a responsibility to create and maintain security on their products. “On a fundamental level, you can't outsource security,” she said. “There isn't a third party product you can buy to save you. You can buy anti-virus software and firewall, but people still have to patch and vendors still have to create patches.”

“The biggest issue in security today is the cultural problem,” Davidson said.

As part of her role as CSO, Davidson has had to infuse such a culture of security amongst her staff and developers. “We already had a good nature of security within the company, as the company that supplied the database to the Central Intelligence Agency (CIA). When you're guarding the nation's secrets, security permeates your culture.”

According to Davidson, security is an important element of Oracle's newly launched 10g product offering, particularly surrounding identity management.

Davidson also said Oracle could “look at acquisitions [in security in the future] as a potential to enhance its strength”.

Siobhan Chapman travelled to OracleWorld 2003 in San Francisco as a guest of Oracle.