Oracle's Ellison to strut his stuff at RSA 2007

The high-profile RSA Conference has proven to be a worthwhile podium for Microsoft's security message, and now Oracle is following suit.

Oracle chief executive Larry Ellison is slated to address the RSA Conference 2007 in February, according to Sandra Toms LaPedis, general manager of the conference. The business software maker is paying $220,000 to be one of nine "platinum sponsors" of the San Francisco event, she said.

This was confirmed on Wednesday by an Oracle spokeswoman. She could not, however, provide details of Ellison's speech. It is the first time Ellison will speak at the annual RSA Conference, LaPedis said.

Oracle's backing of the security confab comes as the company faces continued scrutiny over its security practices.

John Pescatore, an analyst at Gartner, said: "Oracle has lost the high ground in security. I think this is part of them seeking to come back."

Oracle likes to boast that the Central Intelligence Agency was its first customer and once marketed its products as "unbreakable". However, the company's security reputation has been hurt by a flood of security flaws in its products and vocal criticism from researchers about its security practices.

The comparison with Microsoft is easy to make, Pescatore said. "When Microsoft started getting pounded on, that is when you saw Microsoft pouring in money and keynoting," he said. Microsoft chairman Bill Gates first delivered the opening keynote speech at the RSA Conference in 2004, and his appearance has become an annual affair.

Signing up for the RSA Conference certainly means Oracle has something to say about security and the importance of security in the industry, LaPedis said.

She said: "At the time that Gates first spoke at the conference, you saw that Microsoft was getting very aggressive in the security arena. It will be interesting to see what Ellison says." Microsoft has not yet confirmed Gates' attendance for 2007 but that is not unusual this far in advance of the event, she noted.

Oracle appears to be easing up a little on the security front. Its chief security officer is now blogging, and the enterprise software company is talking to the media about security topics. However, the company is still often critiqued for its unwillingness to deal openly with researchers.

Indeed, Oracle seems to have shifted from focusing solely on product features to include security, said Alexander Kornbrust, who runs Germany's Red Database Security and often hunts for bugs in Oracle products. Kornbrust has repeatedly chided Oracle for a lack of responsiveness when it comes to product security, in particular plugging security holes.

He said: "I, as well as other security researchers, noticed a wind of change in Oracle. The big tanker is currently changing his direction."

Oracle may also use the 2007 RSA Conference to pitch its security-related products, such as identity management software and tools to lock down a database.

Pete Finnigan, a security specialist based in the UK, said: "I just hope that the realisation that the core products are not secure has risen up the hierarchy of Oracle. Let's hope that Larry is going to announce a new regime and that they will fix all outstanding security bugs and not just promote a new raft of products."

Security is also rumoured to be a main topic at Oracle OpenWorld 2006, scheduled for October. Yet, echoing Finnigan's remarks, Gartner's Pescatore said Oracle should take care not to promote security without first getting its house in order.

He said: "It is always smarter for vendors to make their products more secure first and then spend money on talking about how secure they are."

Joris Evers writes for CNET News.com