You may have seen the news that Oracle shared a blog post (cache version here – Oracle took it down) in which the CISO essentially told the world to not help them make their software better, that the world should trust them to do it.Chris explains how they are violating license agreements by reverse engineering code, is an attempt to turn back the progress made to improve software security.
Chris Wysopal, CTO and CISO at Veracode :
“We now rely on software for everything – health, safety and wellbeing – and crafting a policy of ‘see something, say nothing’ puts us all at risk.
Application security is an enormous software supply chain issue for both enterprises and software vendors because we all rely on software provided by others. Vendors need to be responsive to their customers’ valid requests for assurance, and to security researchers who are trying to make the software we all consume better. Leaders in the industry – Google, Apple, Microsoft, Adobe – all encourage third-party code audits and bug bounty programs as a valuable extension of their own security processes.
Discouraging customers from reporting vulnerabilities or telling them they are violating license agreements by reverse engineering code, is an attempt to turn back the progress made to improve software security.”[su_box title=”About Veracode” style=”noise” box_color=”#336588″]
Veracode is a leader in securing web, mobile and third-party applications for the world’s largest global enterprises. By enabling organizations to rapidly identify and remediate application-layer threats before cyberattackers can exploit them, Veracode helps enterprises speed their innovations to market – without compromising security.Veracode’s powerful cloud-based platform, deep security expertise and systematic, policy-based approach provide enterprises with a simpler and more scalable way to reduce application-layer risk across their global software infrastructures.Veracode serves hundreds of customers across a wide range of industries, including nearly one-third of the Fortune 100, three of the top four U.S. commercial banks and more than 20 of Forbes’ 100 Most Valuable Brands.[/su_box]
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.