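I think that's exactly right, though (Score: -1)
I read GIGAZINE and @IT, and
they're grateful to have vulnerabilities found, and they appreciate that.
However, reverse engineering is a license violation, so they'll sue.
I don't see anything strange about that.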
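Re: (Score: 3, Informative)
> They're grateful to have vulnerabilities found, and they appreciate that.
No. What it says is: "Vulnerability reports are mostly garbage, we've properly earned our awards so we're secure, and analysis is a license violation, so stop it." It really does say things straight out of the 1980s.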
https://web.archive.org/web/20150811052336/https://blogs.oracle.com/ma... [archive.org]
Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it. This is why I’ve been writing a lot of letters to customers that start with “hi, howzit, aloha” but end with “please comply with your license agreement and stop reverse engineering our code, already.”
there are a lot of things a customer can do like, gosh, actually talking to suppliers about their assurance programs or checking certifications for products for which there are Good Housekeeping seals for (or “good code” seals) like Common Criteria certifications or FIPS-140 certifications.
Q. Surely the bad guys and some nations do reverse engineer Oracle’s code and don’t care about your licensing agreement, so why would you try to restrict the behavior of customers with good motives?
A. Oracle’s license agreement exists to protect our intellectual property. “Good motives” – and given the errata of third party attempts to scan code the quotation marks are quite apropos – are not an acceptable excuse for violating an agreement willingly entered into. Any more than “but everybody else is cheating on hi
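Re: I think that's exactly right, though (Score: 0)
Some of the vulnerability information sent in clearly could not have been found without that kind of activity (tool analysis and the like), so I suppose what she wanted to say was: please go back to the written documents and check where the limits of moderation lie, what the contract terms on usage say, and what the contract terms on rights say. But what I read was: "Auntie here has been doing this job a long time, reports like these are too many to count, and thanks to them I'm damn busy, and the other Davidson (the male one) keeps poking and needling away inside the company and won't shut up, and me, I started out as a product manager, and I've given lots of talks at security conferences, given guidance and voiced my opinions, but I don't understand programming and have never done it, so don't you get that my position is put at risk when you lot make a fuss? Would you just cut it ouuuuut?" (lol) I read it as: "I've become an old lady and the people around me are telling me to retire, so stop making a fuss!" (lol)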