BlackHat and DefCon are over, and vendors are breathing sighs of relief (or digging trenches). Let’s look at this week’s top news, according to us.
In the database world, we have two stories (a fail and a win):
– Oracle’s CSO floated a vaguely threatening blog post concerning external researchers searching for bugs in Oracle software. For most software, this is a violation of the End User License Agreement (EULA), although well-respected vendors ignore this violation when it comes to security researchers reporting security issues in their software. This is noteworthy because Oracle has made inroads into certain control systems verticals as the database of choice. Oracle quickly removed the post (which may still be read here) and issued a statement that the CSO’s attitude concerning 3rd-party testing is not in line with Oracle itself. This is hard to swallow. The opinion of a corporate executive certainly has an effect on how a company acts; otherwise the worker is truly not a ‘Chief’.
– As a foil to Oracle’s failure, OSIsoft has released an alert with bug fixes to their PI Historian. Some 56 security issues were identified and fixed in OSIsoft software. OSIsoft currently leads the ICS space in self-reporting security issues and publicizing its internal security efforts.
A handful of vehicle hacking stories follow the Vegas cons: