Oracle CSO urges government to use its clout

The IT industry has failed to deliver the secure and reliable software needed to ensure national security, Oracle Corp.'s chief security officer says.

Mary Ann Davidson, speaking yesterday at the e-Gov Institute's Homeland Security Conference in Washington, urged the government to use its buying power to help create a culture of security among consumers and developers of software.

'Government can legislate if it is necessary, and I think it may be necessary at some point,' Davidson said. 'But a big buyer is better than a big brother, because it is more flexible.'

Davidson chided the software industry for not adhering to the types of safe development practices required in other types of engineering. To assure accountability in products, she suggested the use of software building codes and a licensing scheme for software developers.

'Right now, in the software industry no one is held accountable,' Davidson said.

She described the current IT environment as a market failure because customers do not have the information they need to make informed buying decisions. To avoid regulation of the industry, customers, including government, need to study the hidden costs of security failures and use that information to force industry to improve its practices.

'The government already has been a very good engine for change in the IT security market,' Davidson said. She cited a number of examples:

  • The Energy Department negotiated a license agreement with Oracle requiring delivery of a secure implementation of the company's software. That configuration is now becoming standard.


  • The Defense Department's security evaluation requirements are driving companies to produce better software.


  • The National Institute of Standards and Technology is 'a force for good in the universe.' NIST's evolving IT security standards and collections of best practices are 'good, practical things that are achievable and raise the bar.'


In the absence of customer pressure and industry response to improve the quality of software, government regulation to protect national security is a real possibility, Davidson said.

About the Author

William Jackson is a Maryland-based freelance writer.
