Monday, September 19, 2005

Mary Ann Davidson's view of the relationship between software vendors and security researchers

Mary Ann Davidson, CSO of Oracle, has recently discussed the differences between the perceptions held by security researchers and the reality that software developers face. Using examples from her company, she addressed three notions that cause conflicts between those groups.
  • You should be able to fix this in two days
  • The more notorious I am, the more business I will get
  • I should always get credit for vulnerabilities I find

To read more on her view, please click here.

Thursday, September 15, 2005

Who said that open source is more secure?

As the number of users of popular open-source software products increases, they are becoming a center of attention for the hacker community. Evidence: hackers have developed exploits that take advantage of a newly published International Domain Name flaw in Mozilla’s Firefox browser. To read more, please click here.

Saturday, September 10, 2005

Can the Cisco fiasco teach us the importance of the periodic release and update of patches?

Looking at the controversy created by an ISS employee who was going to disclose Internet security vulnerabilities in Cisco's Internetwork Operating System (IOS) at the 2005 Black Hat security conference in Las Vegas, Michael Mullins thinks that this should be a lesson to organizations that do not have a standardized policy for their patch management processes. To read more, click here.