Oracle Chief Security Officer Mary Ann Davidson writes about the myths and misunderstandings surrounding security and how security researchers can actually become the problem. Davidson admits that “the vendor community needs to improve the quality of commercial software so we have far fewer vulnerabilities” and thanks “those researchers who are genuinely motivated by the public good, most of whom never get the headlines of their more notorious brethren,” but sees issues with where security research has been heading.
The three misguided notions Davidson focuses on are that fixes can be done in a matter of days, that researchers increase their business by finding more bugs, and that researchers deserve credit for every bug they find.
Interested in working with Paul? Schedule a tech call.