Innovation and Security Need a Community
By Lenley Hensarling, Vice President, Strategy and Product Management, EnterpriseDB
The maelstrom of controversy in the wake of the now famous blog from Oracle’s Chief Security
demonstrate a certain tension between Oracle and its customers. She raised several valid points,
such as the need to comply with contractual commitments around reverse engineering source code.
But the tone of her post, and other posts called out in the media, was belligerent toward Oracle
customers.
The language didn’t carry the sense that, in this world of internet-connected applications and
infrastructure, the vendor and customer are in it together, by necessity, and in point of fact.
If companies using technology and companies producing technology are to succeed in doing their
best to provide security in an increasingly insecure world, there has to be a sense of cooperation.
One reason for this is that security is not only rendered in the software, but also in how it is
deployed, and there is a reflexive relationship between the two in achieving the most secure
solution. It is also impossible for a vendor to understand and anticipate every possible way their
software will be deployed.
Customers need to understand the software, and transparency about how it works is a key part of
that. In the open source world, customers can gain that transparency to virtually any level,
dependent only on their desire and commitment.
They have access not only to documentation, but also to the source code, which is the ultimate truth
about any software.
The interplay between those using the software and those making the software is made closer in
the open source model. That leads to innovation through cooperation.
Open source contributors are typically users themselves and are focused on making the software
better. Leadership is responsive when users identify a vulnerability.
The Postgres Community manages security issues in a disciplined manner when they do arise.
Postgres, in fact, has a reputation for being the most secure open source database.
The Community publicly reports and repairs security issues primarily through the Common
Vulnerabilities and Exposures organization.
Anyone can access the 'Security' link on the PostgreSQL.org home page to report or view security
issues. Try searching http://cve.mitre.org/ for ‘PostgreSQL.’
The community also works cooperatively with 'packagers' of PostgreSQL, like EDB and other
24 Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide