Oracle to use Fortify's tools to secure source code

By Derek Sooman on December 21, 2005, 6:04 PM
Oracle has announced plans to use tools developed by source-code security technology developer Fortify Software to seek out holes in Oracle's database and middleware software. According to Oracle Chief Security Officer Mary Ann Davidson, Fortify is the first company to deliver just what Oracle needs.

Fortify was the first company to listen to Oracle's description of its development process and to tailor its software to meet Oracle's needs, Davidson said.
Fortify's software is an integrated collection of tools that will be able to scan code for secure coding policy violations and other weaknesses in Oracle's 30 million lines of code.




User Comments: 5

PanicX said:
This is really cool. Scanning through the source code is the most effective way to find security flaws; unfortunately, it is extremely tedious and very slow going. With these sorts of tools, a company should be able to release much more secure products much faster.
Subservient said:
Actually, I'm surprised it took Oracle this long to incorporate this into their applications. They have reported various flaws in their software and the source-code technology should find and fix those flaws pretty easily.
MonkeyMan said:
Yeh, but you know, Hackers will be Hackers, and they will find a way around it. As soon as you get rid of one security flaw, another one arises sooner or later. Basically, security software issues have to have continuous updates to stay secured.
PanicX said:
There isn't an infinite amount of security flaws in every product. It's even possible to release a product with no flaws at all; however, as you develop a product, add features, patch bugs, or bring on new programmers, the likelihood of bugs and security flaws increases. Basically, tools and practices such as VSS, commenting and debuggers are there to help mitigate these problems. While it is a good idea to update your software for the latest fixes, that doesn't mean all software needs updates.
mentaljedi said:
Perfection is an ideology and will not happen. However, an excellent program that is ALMOST flawless is just as good. Why? Because it convinces the company to do better. If a company brings out a perfect product, their next one won't be as great because they'll be overconfident and will make mistakes! But they shouldn't make mistakes on purpose either!