Database giant Oracle
is hoping to rein in the number of security vulnerabilities in its software line by going outside for some help.
For years, the company has been using an in-house tool to scan and scrub its code for weaknesses that could be open to exploit by malware
Officials at Fortify Software, a vendor of an application to discover possible code weaknesses at the source level, announced Tuesday that Oracle has been using its software the past year to root out potentially damaging code.
Announcing Oracle as a customer is good news to Fortify executives; until today, its biggest software developer customers on record were Flash giant Macromedia
and identity management vendor Oblix, which was acquired by Oracle in March. The company’s customer base is primarily based among companies in the financial services industry.
“Certainly, no one can ever come up to us and say, ‘Well, I don’t think you could handle a code base our size,’ when we can demonstrate we can handle a 30 million line code base,” said John Jack, Fortify president and CEO. “More importantly, the win gives credibility to the whole idea that a secure development lifecycle is ever more critical in today’s world, where you have professional criminal hackers that are trying to exploit software for criminal gain, and not just notoriety anymore.”
So far, Oracle has only licensed Fortify’s software for its server technology — database, application server, identity management, collaboration suite and enterprise manager — because the server technology group environment is different than its E-Business line, said Mary Ann Davidson, Oracle chief security officer.
Davidson believes every software developer needs to have something like Fortify in its software security development plans, and she calls on the industry to adopt similar measures to weed out potential weaknesses in the code.
“We’ve got lots of Band-Aid products out there that mostly exist because of faults in software that need to be plugged, and the right [way to solve the] problem is to make sure you don’t have those in the first place, and then you won’t need so many Band-Aids,” she said.