Security community roasts Oracle exec for scolding white-hat hackers

By Ronald Chavez

Hell hath no fury like a security expert's scorn. Oracle's Chief Security Officer Mary Ann Davidson learned that the hard way this week after she ignited the wrath of the web's security mavens by telling them not to surface vulnerabilities in the company's software, as it's a violation of the company's end user license agreement (EULA).

And the web responded in the most internet way possible: with memes.

Seriously, Robin, WTF. #oraclefanfic pic.twitter.com/A6OqCCwp2m— diversario (@diversario) August 12, 2015

I feel like a monster. #oraclefanfic pic.twitter.com/xGybqjwJyw— Aris Adamantiadis (@aris_ada) August 12, 2015

Davidson wrote a long diatribe in which she tells customers not to reverse-engineer the company's code in order to find potential exploits, something she says is not their job and best left to Oracle, according to the post.

She calls white-hat hackers who try to surface security issues "sinners," and says Oracle's formal ban on reverse-engineering code is about protecting intellectual property. She wrote:

The point of our prohibition against reverse engineering is intellectual property protection, not, "How can we cleverly prevent customers from finding security vulnerabilities -- bwahahahaha -- so we never have to fix them -- bwahahahaha." Customers are welcome to use tools that operate on executable code but that do not reverse engineer code.

Oracle's EULA forbids its users from recreating its code to find exploits, so Davidson is pointing to other ways to test software. But recreating the software could be the best way to highlight vulnerabilities not otherwise found.

The post was widely criticized and quickly removed, but because nothing is ever truly gone from the Internet, it can be found on the Wayback Machine.

The company quickly stated the post was not in line with their views.

“We removed the post as it does not reflect our beliefs or our relationship with our customers,” said Edward Screven, Oracle's executive vice president and chief corporate architect, in an email.

Despite the memes, some users didn't find the controversy to be something to joke about. The software-developer and security community universally panned the post on Twitter.

Oracle should remove Mary Ann Davidson from her position instead of removing this post from their site: http://t.co/dGm5OBTqyi— Marco Olivieri (@mnosecurity) August 11, 2015

Due to her inevitable "departure" from Oracle we're offering Mary Ann Davidson the role as our Chief Sanity Obliterator! Fingers crossed!— Threatbutt (@threatbutt) August 11, 2015

This post by Oracle's CSO is just. What. pic.twitter.com/bOKuZy5f1Z— Securitay (@SwiftOnSecurity) August 11, 2015

But users continued to pillory Davidson and Oracle over the EULA, using the #oraclefanfic hashtag.

I have come here to read EULAs and reverse engineer, and I am all out of EULAs. #oraclefanfic— Yawning Angel (@yawninglol) August 12, 2015

Humanity is doomed … #oraclefanfic #justoraclethings pic.twitter.com/e6MOZzkkvq— CyberAnarchist (@Cyb3rOps) August 12, 2015

Happens to me...Every...freakin'...time.... #oraclefanfic pic.twitter.com/LoL8qBOxT4— Ben Ten (0xA) (@Ben0xA) August 12, 2015

I was going to upload the virus to the alien spacecraft and save the Earth from invasion but then I read the EULA. #oraclefanfic— Space Rogue (@spacerog) August 12, 2015

And finally, a Matrix reference. (Cause the spoon boy studies under The Oracle in the Matrix films. Get it?)

"There is no vulnerability. The EULA says so." #oraclefanfic pic.twitter.com/cUfafDCWbv— Schuyler St. Leger (@DocProfSky) August 11, 2015

Oracle is known as a business software titan. Its charismatic founder and longtime CEO Larry Ellison stepped down last year, but the company still has a strong grip on cloud-based services to mine through data.
