Another day, another executive lodging their own foot firmly in their throat. This time, the party responsible for the PR faux-pas is none other than Oracle’s own Chief Security Officer, Mary Ann Davidson. In a blog post that Oracle’s already taken down and apologized for, Davidson absolutely lambasted the camp of developers who dared reverse-engineer the code in Oracle’s products.
She also rambled on about writing murder mysteries, for some reason.
“Recently, I have seen a large-ish uptick in customers reverse engineering our code to attempt to find security vulnerabilities in it,” writes Davidson. “< Insert big sigh here. > This is why I’ve been writing a lot of letters to customers that start with ‘hi, howzit, aloha’ but end with ‘please comply with your license agreement and stop reverse engineering our code, already.’”
The meandering essay goes into great detail about why developers need to stop tinkering with their Oracle products, but the core argument goes something like this:
- Oracle can handle it.
- It’s against your license.
- Don’t hire security consultants.
- Leave zero-day vulnerabilities alone, even if you discover them.
- Seriously, Oracle can handle it.
It’s pretty condescending, not terribly well-written, and all in all a rather huge blunder on Oracle’s part. Worse still, it risks alienating Oracle’s already-flagging customer base. Probably why they sprang into action so quickly, sending Executive VP and Chief Corporate Architect Edward Screven in for damage control.
“The security of our products and services has always been critically important to Oracle,” he told ZDNet. “Oracle has a robust program of product security assurance and works with third party researchers and customers to jointly ensure that applications built with Oracle technology are secure. We removed the post as it does not reflect our beliefs or our relationship with our customers.”
So an executive said something stupid, the post was taken down, the company apologized, and the guilty party was probably reprimanded. How is this news? Why does this matter?
Because Davidson’s post and the reaction to it underscore something important about Oracle: its current business model isn’t working, and if it doesn’t change soon, it’s going to lose more than revenue.
“Back in the good ol’ days, [Oracle] could build a great database, charge a king’s ransom for it, and milk the maintenance stream forever,” muses Bloomberg’s Matt Asay. “Rinse. Repeat. Unfortunately, this model no longer works, as a series of earnings misses over the last few years have shown.”
“Oracle has become far too predictable,” says Asay. “The company that used to print money every quarter now routinely misses analyst expectations as it struggles to come to grips with the new realities of enterprise IT: open source and cloud.”
Davidson’s attitude – though it may not align with the organization’s direction as a whole – is a symptom of this predictability, if not one of its causes. It’s the reason that, as it clings to its licensing agreements, Oracle has seen sales decline for seven straight quarters. There have been scattered efforts to save face and stand by its old business model, of course – most memorably, Oracle’s attempted attack on open source back in 2013.
The fact is, the market has evolved. No amount of “No, you can’t”s is going to change that. Oracle needs to start accepting this and embracing open source. Because otherwise, it’s going to keep losing business.
And eventually, it’s not going to have any more business left to lose.