* David Gerard:

> Hmm, you're the only person so far I know of who hasn't reacted in
> shock.

The blog post is pretty reasonable if you combine the Oracle mindset with the things that some people report as vulnerabilities. I totally get why she just wants to Make It Stop (because of those reports), and the way she picks contracts/licenses (because of Oracle).

That being said, it's a bit odd that Oracle (of all companies) apparently allows blog posts without review. I can't believe something like that wouldn't have been caught during a review process.

Regarding the contracts/licenses thing, I am pretty much fed up with the blatant disregard of applicable laws and regulations by much of the security industry. Some of the law-breaking is unavoidable. For example, as an antivirus vendor, you pretty much have to make unauthorized copies of copyrighted malware binaries, or circumvent software protection mechanisms. But there is a lot of questionable stuff going on that seems rather avoidable.

For a while now, it's been socially acceptable to exploit production services, to use vulnerabilities to exfiltrate user data and post the results publicly, allegedly to encourage better security through transparency. That can't be right.

_______________________________________________
Discussion mailing list
[email protected]
https://mail.fsfeurope.org/mailman/listinfo/discussion
