Template:Application Security News


 * Mar 29 - Oracle's Davidson blowing steam
 * "The pressure to deal with the problem of unreliable and insecure software is building, and the industry has reached a "tipping point...it is now "chief executives who are complaining that what they are getting from their vendor is not acceptable in terms of software assurance." She also argues that Brits make good hackers because they have criminal behavior.


 * May 25- Custom escaping considered harmful
 * "Applications using 'ad-hoc methods to "escape" strings going into the database, such as regexes, or PHP3's addslashes and magic_quotes' are particularly unsafe. Since these bypass database-specific code for safe handling of strings, many such applications will need to be re-written to become secure."


 * May 22 - Oracle teaches developers security
 * "We track the security training completion status of each developer and provide regular reports on training compliance to development management and to senior corporate management to ensure a level of security training is maintained in each organization."