In the middle of a bit of a roller coaster week, I attended the workshop from Frits Hoogland about "Oracle Security done Right".
There is of course a lot to be said (and written) about security and every situation will demand a tailored approach.
But Frits laid down a relatively "Simple" approach.
He shows how to cover both accountability and auditability.
A true "Trust but Verify" approacht. And Simple.
The approach merits a good look and during the workshop already there was some good discussion.
It will not be the be-all-end-all of security, but it is a good start.
A bit of criticism wont hurt. A discussion will probably make the approach better.
Just remember: keep it simple. Please.
And that is why I think his approach is worth some attention.
1 day ago
