August 12, 2015

Oracle CSO goes on license infringement warpath

Security researchers and bug bounties in the firing line in removed blog post.

By James Nunns

Oracle has been greeted with criticism after a blog post by its CSO took aim at security researchers and bug bounties.

Mary Ann Davidson, CSO, Oracle, posted a now-removed blog post on the official company site which appeared to threaten those attempting to reverse engineer code in order to find security vulnerabilities.

Davidson said: "Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. <Insert big sigh here.>

"This is why I’ve been writing a lot of letters to customers that start with ‘hi, howzit, aloha’ but end with ‘please comply with your license agreement and stop reverse engineering our code, already.’"

Davidson went on to state that these measures are unnecessary and that simply talking to suppliers about their assurance programs or checking certifications is good enough.

This has clearly not been good enough for enough customers to get Davidson irritated, as she advised that if the results from a scan identify reverse engineering, the company will: "Send a letter to the sinning customer, and a different letter to the sinning consultant-acting-on-customer’s behalf – reminding them of the terms of the Oracle license agreement that preclude reverse engineering.

"So Please Stop It Already."


Going on to identify the parts of the license agreement which customers would be in breach of, she also says that the customers and consultants are required to destroy the results of any reverse engineering.

For Davidson, the ends don’t justify the means when it comes to customers identifying problems: "Just like you can’t break into a house because someone left a window or door unlocked. I’d like to tell you that we run every tool ever developed against every line of code we ever wrote, but that’s not true.

"Please do not waste our time on reporting little green men in our code. I am not running away from our responsibilities to customers, merely trying to avoid a painful, annoying and mutually-time wasting exercise."

Her next line of attack was bug bounties, which firms such as Facebook, Google and Microsoft all use: "Many companies are screaming, fainting and throwing underwear at security researchers to find problems in their code."

The post went on to reiterate the terms of license agreements, which the company has recently changed for its database offerings.

The new Perpetual User License Agreement offers a change from its Unlimited License Agreement which spanned a limited time period, for example three years. At the end of the ULA the customer must certify their usage to Oracle and pay for any extra they used.

PULA removes the time requirement, instead being priced as a yearly fee according to an estimated usage, which should reduce the risk of audits or demands for additional payments later on.

While this might appear to be offering more flexibility to customers and perhaps an end to ‘brutish’ sales tactics, some are concerned that this is just a continued form of vendor lock-in.

The problems appear as customers realise that they would be forced to commit to using Oracle’s software instead of its rivals.

Keith Alsheimer, CMO, EnterpriseDB, said: "This is Oracle and they are not known for customer-friendly licensing terms. An unlimited license would simply mean that instead of an unlimited lock-in for several years, customers would be offered a perpetual lock-in to Oracle’s products and its real cash cow, its maintenance fees."

Alsheimer goes on to say that the company is frequently fielding requests from customers looking to get away from Oracle.

He said: "Oracle customers are not easily fooled. Perpetual licenses that by definition exclude alternatives to Oracle are not healthy for anyone except Oracle.

"No matter how low the costs may be, enterprises today need both value and flexibility to meet marketplace demands."

The move by the company appears to be designed to help alleviate its declining software licensing sales, which in June had fallen 17% since last year. While its SaaS revenue increased by 29%, the company, like many others, is going through a transitory period.

An IDC Retail Insights study found that Western European retailers are actively embarking on digital transformations in order to gain a competitive edge over their counterparts.

It found that there is a race taking place to digitise in order to harness new revenue streams and find operational efficiencies.

The study showed that creating an omni-channel backbone will be the foundation of digital transformation, with it being essential for retail companies to have a single view of their core data elements.

Considerable investments are expected to be made in the ecommerce space as the rapidly evolving space forces retailers to add more advanced capabilities to their ecommerce platforms.

Neil Sholay, Head of Digital, EMEA, Oracle, said: "Technology is completely revolutionising the way we shop, with mobile technologies leading some of the most visible changes. However, retailers need to understand it’s not about taking mobile payments or about putting a tablet in-store and calling it digital transformation.

"There is no one switch to flick. Retailers need to combine technology with a detailed and strategic commitment to excellent customer service across all channels.

"They need to be able to meet heightened consumer expectations at every stage of the customer journey, in-store and online, and ensure customers have a deeply personalised, consistent experience no matter how they are interacting with a retailer, whether they are just browsing or making a purchase."
