Oracle's Ellison to take stage at next RSA confab

The high-profile RSA Conference has proven to be a worthwhile podium for Microsoft's security message, and now Oracle is following suit.

Oracle Chief Executive Officer Larry Ellison is slated to address the RSA Conference 2007 in February, Sandra Toms LaPedis, general manager of the conference, told CNET News.com. The Redwood Shores, Calif.-based business software maker is paying $220,000 to be one of nine "platinum sponsors" of the San Francisco event, she said.

Larry Ellison
CEO, Oracle

Letty Ledbetter, an Oracle spokeswoman, confirmed Wednesday that the company is a platinum-level sponsor at RSA Conference 2007. She could not, however, provide details on Ellison's speech. It is the first time that Ellison will speak at the annual RSA Conference, LaPedis said.

Oracle's backing of the security confab comes as the company faces continued scrutiny over its security practices.

"Oracle has lost the high ground in security," said John Pescatore, an analyst at Gartner. "I think this is part of them seeking to come back."

Oracle likes to boast that the Central Intelligence Agency was its first customer and once marketed its products as "unbreakable." However, the company's security reputation has been hurt by a flood of security flaws in its products and vocal criticism from researchers about its security practices.

The comparison with Microsoft is easy to make, Pescatore said. "When Microsoft started getting pounded on, that is when you saw Microsoft pouring in money and keynoting," he said. Microsoft Chairman Bill Gates first delivered the opening keynote speech at the RSA Conference in 2004, and his appearance has become an annual affair.

Signing up for the RSA Conference certainly means Oracle has something to say about security and the importance of security in the industry, LaPedis said.

"At the time that Gates first spoke at the conference, you saw that Microsoft was getting very aggressive in the security arena. It will be interesting to see what Ellison says," she said. Microsoft has not yet confirmed Gates' attendance for 2007, but that is not unusual this far in advance of the event, she noted.

Oracle appears to be easing up a little on the security front. Its chief security officer is now blogging, and the enterprise software company is talking to the media about security topics. However, the company is still often critiqued for its unwillingness to deal openly with researchers.

Indeed, Oracle seems to have shifted from focusing solely on product features to include security, said Alexander Kornbrust, who runs Germany's Red Database Security and often hunts for bugs in Oracle products. Kornbrust has repeatedly chided Oracle for a lack of responsiveness when it comes to product security, in particular plugging security holes.

"I, as well as other security researchers, noticed a wind of change in Oracle," he said. "The big tanker is currently changing his direction."

Oracle may also use the 2007 RSA Conference to pitch its security-related products, such as identity management software and tools to lock down a database.

"I just hope that the realization that the core products are not secure has risen up the heirarchy of Oracle," said Pete Finnigan, a security specialist in York, England. "Let's hope that Larry is going to announce a new regime and that they will fix all outstanding security bugs and not just promote a new raft of products."

Security is also rumored to be a main topic at Oracle OpenWorld 2006, scheduled for October. Yet, echoing Finnigan's remarks, Pescatore said Oracle should take care not to promote security without first getting its house in order.

"It is always smarter for vendors to make their products more secure first," he said, "and then spend money on talking about how secure they are."