In a now-deleted blog post which is still circulating on the internet, Oracle Chief Security Officer Mary Ann Davidson went on a rant about how she doesn't want Oracle's customers or outside security researchers to find and report security bugs in Oracle's software products.
The internet's response was both outrage and humor.
As we previously reported, Davidson argued:
- That finding and reporting bugs was "almost certainly" violating Oracle's End User License Agreement or (EULA) and coming about by "reverse engineering" Oracle's products;
- Oracle was more than capable of finding all the holes itself. ("So please do not waste our time on reporting little green men in our code" she wrote.)
- If independent, professional security researchers did find and report vulnerability (often called a "vuln"), they were not to expect Oracle to credit or thank them for it, much less pay them a bounty fee for it — all of which is common practice in the enterprise software world these days.
Oracle quickly deleted the post and the company officially distanced itself from her comments. "It does not reflect our beliefs or our relationship with customers," is Oracle's official stance now.
But ... too late. The hilarious meme #oraclefanfic has taken root on Twitter.
The incident is now the butt of an ongoing stream of jokes and captioned photos. Here are a few of our favorites:
—Sean Mason (@SeanAMason) August 13, 2015
—Dave Clemente (@Dave_Clemente) August 12, 2015
—Schuyler St. Leger (@DocProfSky) August 11, 2015
—Chris Magill (@cmagill) August 11, 2015
—briankrebs (@briankrebs) August 12, 2015
—Raymond Lilly (@37point2) August 11, 2015