Oracle, like all the rest of the big software makers, regularly patches many security holes found in its software.
Just this month, Oracle issued 154 new security patches for its software. 12 of those patches were for Oracle’s E-Business Suite, its main financials app (the app that competes with rival SAP’s main enterprise resource planning product).
Six of those 12 holes were found in about an hour by interns working at security researcher ERPScan Research, founder Alexander Polyakov tells Business Insider.
Some of the holes the interns found were very dangerous and could allow a clever attacker to gain control of the apps, Polyakov says.
ERPScan Research set the interns on Oracle’s software after Oracle Chief Security Officer Mary Ann Davidson got herself into hot water last August.
Davidson went on a rant in a now-deleted blog post about how she doesn’t want Oracle’s customers or outside security researchers to look for and report security bugs in Oracle’s software products. She told the world that Oracle was more than capable of finding all the holes itself.
Oracle took down the blog post and spokespeople quickly distanced Oracle from Davidson’s comments, saying they “didn’t reflect” the company.
So maybe it’s not a big surprise that security is a big focus for the company right now.
On Tuesday afternoon, Oracle’s executive chairman and CTO Larry Ellison will be giving details on his company’s brand new plans to make Oracle’s software more secure. He hinted that the new security tech could be built into Oracle’s hardware, possibly inside the computer chip itself, and will be turned on by default, with no way to turn it off, saying:
It’s just a huge problem that most of the security features we give you, we give them to you and we tell you how to use them and we tell them how to turn them on and we train you. Wouldn’t it be nicer if it was always on and always works and you didn’t have to do anything?