In a now-deleted blog post which is still circulating on the internet, Oracle Chief Security Officer Mary Ann Davidson went on a rant about how she doesn’t want Oracle’s customers or outside security researchers to find and report security bugs in Oracle’s software products.
The internet’s response was both outrage and humour.
As we previously reported, Davidson argued:
- That finding and reporting bugs was “almost certainly” violating Oracle’s End User Licence Agreement (EULA) and coming about by “reverse engineering” Oracle’s products;
- That Oracle was more than capable of finding all the holes itself. (“So please do not waste our time on reporting little green men in our code,” she wrote.)
- That if independent, professional security researchers did find and report a vulnerability (often called a “vuln”), they were not to expect Oracle to credit or thank them for it, much less pay them a bounty fee for it, all of which is common practice in the enterprise software world these days.
Oracle quickly deleted the post and the company officially distanced itself from her comments. “It does not reflect our beliefs or our relationship with customers,” is Oracle’s official stance now.
But … too late. The hilarious meme #oraclefanfic has taken root on Twitter.
The incident is now the butt of an ongoing stream of jokes and captioned photos. Here are a few of our favourites:
— Sean Mason (@SeanAMason) August 13, 2015
— Dave Clemente (@Dave_Clemente) August 12, 2015
Oracle senior vice president and Chief Corporate Architect Edward Screven gave Business Insider the following statement:
The security of our products and services has always been critically important to Oracle. Oracle has a robust program of product security assurance and works with third party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers.