
Oracle’s security chief posted a crazy ranting tirade. Then Oracle deleted it.

By Robert Hackett
August 11, 2015, 7:41 PM ET
REDWOOD CITY, CA - DECEMBER 16: A traffic sign with the Oracle logo is displayed outside of the Oracle headquarters on December 16, 2014 in Redwood City, California. Oracle will report second quarter earnings on Wednesday. (Photo by Justin Sullivan/Getty Images)

Take note: If your job is to protect software, it’s probably not a good idea to tick off hackers.

Mary Ann Davidson, the chief security officer of Oracle (ORCL), the world’s second-largest software maker, has said she’s been irritated by how often she’s had to have a particular conversation with computer crackers. While the hackers like to point out what they deem to be security flaws in Oracle software—in the hopes of winning compensation and credit—she has to keep telling them that they’re violating their licenses by engaging in such research.

The volume and generally poor quality of the findings have been distracting and frustrating for her team, she has said.

So to hell with it, she decided on Monday. In a state of apparent exasperation, she penned a long, ranting tirade against vulnerability-hunting security researchers. The post didn’t last long on the company’s corporate blog, however, before Oracle pulled it down. (You can read an archived version here.)

Rather than welcoming a helping hand from the hacker community (or even politely demurring), Davidson smacked the living bejesus out of it. “Please Stop It Already,” Davidson wrote, exhorting computer bug hunters who reverse engineer Oracle source code in the hopes of finding flaws to quit the practice. In so doing, researchers often break the terms of the company’s end user license agreements, she noted. “Please don’t go there,” she said. “Don’t. Just—don’t.”

“I’m not beating people up over this merely because of the license agreement,” she continued, citing a prevalence of false positives turned up by security consultants and scanning tools as an unwelcome nuisance. “(P)lease do not waste our time on reporting little green men in our code. I am not running away from our responsibilities to customers, merely trying to avoid a painful, annoying, and mutually-time wasting exercise.”

To paraphrase: We can handle our security ourselves, thank you very much.

Oracle deleted the blog post shortly after it appeared. “We removed the post as it does not reflect our beliefs or our relationship with our customer,” read a statement provided to Fortune by a company spokesperson, attributed to Edward Screven, Oracle executive vice president and chief corporate architect.

But Davidson’s screed had already struck a nerve in the security community. (Search the hashtag #oraclefanfic on Twitter, for instance.)

“I understand what Mary Ann was trying to achieve with this post, but what they really need is a way to control the flow of information without simply saying ‘Don’t… Just don’t,’” commented the co-founder and CEO of bug bounty startup BugCrowd, via email. “All that being said, I’m really glad that they took the post down. This means, in spite of the tone of the email, she’s listening to the community (who had a unanimously bad reaction).”

Chris Wysopal, chief technology and information security officer at the application security firm Veracode, weighed in via email, too. He described Davidson’s “discouraging” remarks as “an attempt to turn back the progress made to improve software security.”

In a mock Q&A, Davidson explained what would happen in the event that a researcher did find a true bug. In short: her team would fix it quietly, begrudgingly, without thanks, and move on.

Q. What does Oracle do if there is an actual security vulnerability?

A. I almost hate to answer this question because I want to reiterate that customers Should Not and Must Not reverse engineer our code. However, if there is an actual security vulnerability, we will fix it. We may not like how it was found but we aren’t going to ignore a real problem – that would be a disservice to our customers. We will, however, fix it to protect all our customers, meaning everybody will get the fix at the same time. However, we will not give a customer reporting such an issue (that they found through reverse engineering) a special (one-off) patch for the problem. We will also not provide credit in any advisories we might issue. You can’t really expect us to say “thank you for breaking the license agreement.”

There is, of course, a danger in alienating bug hunters. Code has flaws. And laying down a prohibition against finding them will not stop security researchers from continuing to poke around. Without an alternative option, those researchers might simply choose to sell their findings to the highest bidder. Say, an unfriendly nation state.

Perhaps Oracle might benefit from a policy update, one that does not forbid vulnerability-seeking and one that clearly delineates what counts as a valid bug and what does not. Already, big tech companies ranging from Google (GOOG) to Microsoft (MSFT) sponsor bug bounty programs. More recently, United Airlines (UAL) and Tesla (TSLA) have hopped on board with programs of their own.

According to Josh Corman, founder of the security advocacy group I am the Cavalry, not attacking bug hunters and those that approach companies with vulnerabilities is a best practice.

There might be fewer erroneous submissions and ticked off hackers that way—and more importantly, better security.
