Oracle CSO urges government to use its clout

The IT industry has failed to deliver the secure and reliable software needed to ensure national security, Oracle Corp.'s chief security officer says.

Mary Ann Davidson, speaking yesterday at the e-Gov Institute's Homeland Security Conference in Washington, urged the government to use its buying power to help create a culture of security among consumers and developers of software.

'Government can legislate if it is necessary, and I think it may be necessary at some point,' Davidson said. 'But a big buyer is better than a big brother, because it is more flexible.'

Davidson chided the software industry for not adhering to the types of safe development practices required in other types of engineering. To assure accountability in products, she suggested the use of software building codes and a licensing scheme for software developers.

'Right now, in the software industry no one is held accountable,' Davidson said.

She described the current IT environment as a market failure because customers do not have the information they need to make informed buying decisions. To avoid regulation of the industry, customers, including government, need to study the hidden costs of security failures and use that information to force industry to improve its practices.

'The government already has been a very good engine for change in the IT security market,' Davidson said. She cited a number of examples:

  • The Energy Department negotiated a license agreement with Oracle requiring delivery of a secure implementation of the company's software. That configuration is now becoming standard.

  • The Defense Department's security evaluation requirements are driving companies to produce better software.

  • The National Institute of Standards and Technology is 'a force for good in the universe.' NIST's evolving IT security standards and collections of best practices are 'good, practical things that are achievable and raise the bar.'

In the absence of customer pressure and industry response to improve the quality of software, government regulation to protect national security is a real possibility, Davidson said.

About the Author

William Jackson is a Maryland-based freelance writer.

