Full disclosure: In fairness, Oracle was far from alone in being slow to adopt the idea that software vendors needed to turn patching into a core security function while acknowledging that vulnerability hunters were allies in disguise rather than enemies.Nevertheless, occasional missteps have continued up to the present, most recently in the evasive and confused reporting of an alleged breach of Oracle servers earlier this year by an attacker exploiting a known vulnerability, CVE-2021-3558.The company’s initial response was to send customers emails denying that a breach had happened, before later conceding that, while an incident had occurred, it involved “two obsolete servers” not used to store important customer data.The impression was of a company disclosing as little as possible in the hope that customers might not notice and journalists would eventually stop asking questions. There is no suggestion that this strategy was Davidson’s doing, although given her history of publicly downplaying critical issues, arguably she should have stepped in sooner.”The breach at Oracle falls under SEC disclosure rules. If it was downplayed or not reported properly, that could be significant,” commented Timothy J. Marley of US cyber security consultancy Prism One. However, connecting her departure to the recent breach was probably going too far.”You almost never see that sort of tenure in security leadership. Honestly, I wouldn’t be shocked if she simply decided it was the right moment to step aside,” Marley said.More likely, however, is that Oracle is now undergoing a generational shift to younger executives more attuned to AI. “AI is forcing all of us to rethink our strategies and tactical solutions,” he said. “We’re doing our best to prepare for an uncertain future. For those of us who’ve been around a while, it really is about adapting quickly or risking being left behind.”In addition, according to Brad Shimmin, VP & practice lead at analyst company The Futurum Group, the advent of AI was more than a simple segue into a new market sector for Oracle, and challenged its long-held assumptions about security.”AI itself has changed the way companies and attackers view the security landscape, not only elevating the stakes and radically expanding the attack surface, often beyond the confines of current experience and knowledge,” Shimmin said.
First seen on csoonline.com
Jump to article: www.csoonline.com/article/4042448/surprise-departure-of-oracle-security-chief-as-company-shifts-focus-to-ai.html
