LAS VEGAS – A reactive approach to software security, namely following the security research community’s lead, has proven to be a winning strategy for Oracle Corp. in recent years.

Since 2008, the database giant has steadily trimmed the number of critical buffer-overflow vulnerabilities in the Oracle database server. Longtime thorn David Litchfield, however, may have forced Oracle to reassess its software security strategy after his talk Thursday at the 2012 Black Hat Briefings.

Litchfield demonstrated several working exploits against the Oracle database server’s indexing architecture, low-hanging fruit that Litchfield said has largely been ignored by attackers and Oracle — until now.


Category: DataBase Security