Oracle acquires Global Knowledge Software

Oracle will acquire Global Knowledge Software for an undisclosed sum, to boost it software training offerings.

Global Knowledge Software (GKS) produces programmes that train users on different business software, including that from Oracle, Microsoft and SAP.

“Our customers are looking for a consistent, cost effective training solution across the enterprise to speed software adoption by end-users,” said Ed Abbo, Senior Vice President of Oracle Application Development.

GKS’ products will complement Oracle’s existing training software, Oracle Tutor, along with its learning management software, iLearning and eLearning. Oracle intends to form a global sales unit to extend all its software training offerings across the enterprise.

The transaction is expected to close in the third calendar quarter of 2008.


Author: Rosalie Marshall @ www.itweek.co.uk

Read more ...

Oracle Issues Alert For WebLogic Plugin Vulnerability

Oracle on Tuesday issued a Security Alert related to a vulnerability that affects the Apache plug-in for Oracle WebLogic, formerly known as BEA WebLogic.

In an online post, Eric Maurice, manager for security in Oracle's global technology business unit, explained that the alert is the first since Oracle introduced its quarterly Critical Patch Update process in January 2005. The alert is necessary, he said, because code designed to exploit the vulnerability has been posted online.

The severity of the exploit, which can be seen at Milw0rm.com, is rated 10 out of 10.

"It is remotely exploitable without authentication, ... and it can result in compromising the confidentiality, integrity, and availability of the targeted system," said Maurice.

The vulnerability has been assigned the CVE identifier CVE-2008-3257.

Oracle has posted file to limit the maximum URL length to less than 4,000 bytes. If that's not feasible, Oracle suggests installing the mod_security Apache module.

Oracle plans to release an out-of-cycle patch to address the issue as soon as the patch is ready.

The exploit code was released July 17, two days after Oracle issued its second-quarter Critical Patch Update.

"Unfortunately, the person(s) who published this vulnerability and associated exploit codes did not contact Oracle before publicly disclosing this issue," said Maurice. "This means that the vulnerability was made public before providing Oracle an opportunity to develop an appropriate fix for this issue and notify its customers."

Author: Thomas Claburn @ www.InformationWeek.com

Read more ...

Oracle increases accusations in SAP lawsuit

We're finally getting a look into what Oracle has discovered in the discovery phase of its lawsuit against SAP and its subsidiary TomorrowNow (TN), which provided third-party maintenance and support contracts for Oracle products.

In an amended complaint filed today, Oracle paints a vivid picture of TN knowingly misappropriating Oracle's intellectual property and SAP knowingly choosing to allow TN to continue in its allegedly illegal operations. Oracle claims that documents uncovered during the discovery phase have "revealed that [SAP] knew from the start that SAP TN's business depended on this extensive illegal scheme...One of the key members of SAP's due diligence team--a former PeopleSoft employee--reported directly to board member [Shai] Agassi: "I am not sure how TomorrowNow gets access to Peoplesoft software, but its [sic] very likely that TomorrowNow is using the software outside the contractual use rights granted to them."

Oracle also claims that during the acquisition of TN by SAP that TN's owners "flatly refused to give any such assurances" that TN respected Oracle's IP rights.

Furthermore, Oracle claims to have uncovered evidence of an effort within SAP to move to a more conservative approach to delivering support services, a so-called "Project Blue." As I read Oracle's complaint, it appears that Project Blue would have involved TN giving up the maintenance of centralized copies of PeopleSoft and JDE and doing all customer support remotely on the customer's system. Oracle claims that SAP and TN eventually decided against Project Blue.


The complaint is now 70 pages, with substantial detail, and is quite an interesting read. Computerworld has a short article on it. But read Oracle's complaint to get a full picture.

Oracle chose to file this amended complaint today, the day before SAP reports its second quarter earnings, guaranteeing that analysts will be asking questions about this tomorrow.

This case puts a real obstacle in the path of the third-party maintenance model, a model that I hope will prove viable in the long run. Major software vendors, such as both Oracle and SAP, have too much power, too much control over their installed base customers and too little competition. Third-party maintenance gives customers another option and leverage over the unrestrained pricing power of the major vendors. When you buy a Lexus, you are not obligated to go to the Lexus dealer for maintenance. Why should enterprise software be any different?

Nevertheless, third-party service providers have to operate within the restraints of fair competition. Hopefully this case will be resolved in a way that makes the boundaries clear, so that clients have choices.

Author: Frank Scavo @ fscavo.blogspot.com

Read more ...