Oracle, about three years back, went on a limb to market its product — specifically the Oracle 9i — as "unbreakable". That was proven untrue when researchers later found several security holes, and your company released patches soon after. Do you still believe that a product can be unbreakable?
This campaign, by the way, was not my idea! Our port scans on the firewalls, showing [the number of] people rattling the doorknobs, went from 5,000 a week to 30,000 a week. No surprises there.
I guess I should go back to talk about what we said [at that time] unbreakable meant. We were talking about was the fact that we had validated our products externally against the Common Criteria and a number of other evaluation criteria. So from the time we started running the [campaign] ads, we had 14 database evaluations while our competitors had zero. We've since expanded that to 22 for our database, while our competitors have moved from zero to one.
So we were talking specifically about how we built our products. It turned out to be a good thing because it gave us a forum to talk about the importance of assurance. How do you build your products? Is it vetted? And I think that's an important message.
Can you still make something that's unbreakable? Security, in a macro sense, is about risk management. In the context of development, we're talking about what this product is designed to do, and it should do that. It should not do what it wasn't designed to do. And that's part of what's missing in the way people build software. We're not going to specifically exclude all these other things. And because you don't think about the exclusion or don't code them in, people are able to use your software for unintended purposes. That's the general cultural problem.
It's absolutely true that even if you wanted to make something that's perfectly secure, it would be unusable. The most secure system is the box that sits in a locked room and no one can connect to it.
So we can't build a perfect product, that's absolutely true. But it doesn’t mean we shouldn't strive to be better. We're already paying for bad security. One estimate puts the cost of bad security in the United States alone at $59bn (£32bn) a year. You think of (the number of) patches, worms, viruses (that are coming out), no one who works for this industry can tell me with a straight face, that the industry cannot do better. Clearly, we can.
You once served as an officer in the US Navy Civil Engineer Corps, where you earned the Navy Achievement Medal. How has that experience helped you in your role at Oracle?
I can honestly say that pretty much everything I learnt about leadership I learnt in the forces. If you're the leader or lieutenant in charge, your troops come first because they're the ones who take the hill for you. It helps when you're building a team where they're all minding the source, so to speak. I hope I look after them faithfully because you're only as good as the people who are willing to work for you.
I also read a lot of military history. It teaches how you look at battles. It helps in how I think about the defence of the network. There's this idea of self-defending network in a famous battle in the British history, where what they did was instead of just making a perimeter defence — which is something that's really indefensible — they created places to fall back to. The point is, if someone breaches the perimeter, you have to be able to fall into a position to defend. And because they built those, they were able to successfully prevail.
What does that have to do with my job? That sounds a lot like network defence to me. If someone breaches the perimeter, how can you dynamically build these places to fall back into, to get into defensible position? You're building specific places in which you can defend. He who defends everything, defends nothing.
The perimeter is important, but if someone breaches that, you need another defence. If network can do that dynamically, how great would that be? It can dynamically prevent a worm from spreading, partition the network or create on-the-fly some defensive perimeter. With the speed at which viruses spread today, if you're looking for manual intervention to save you, it's too late.
