The following was posted to the bugtraq mailing list:
Dear security community and Oracle users,
Many of my customers run Oracle. Much of the U.K. Critical National Infrastructure relies on Oracle; indeed this is true for many other countries as well. I know that there’s a lot of private information about me stored in Oracle databases out there. I have good reason, like most of us, to be concerned about Oracle security; I want Oracle to be secure because, in a very real way, it helps maintain my own personal security. As such, I am writing this open letter.
Extract from interview between Mary Ann Davidson and IDG
IDGNS: “What other advice do you have for customers on security?”
Davidson: “Push your vendor to tell you how they build their software and ask them if they train people on secure coding practices.”
Now that some context has been put in place, I can continue.