By Jim Grisanzio | September 2021
I love talking to scientists and engineers. They think deeply about ways to solve difficult problems or create new opportunities, seemingly out of nothing at all. I'm fascinated by that process, so I seek out these people wherever I go. And at Oracle, they aren't that hard to find.
To scratch this itch, I poked around in the Oracle Labs. There are a lot of smart people there doing interesting things. That's where I met Cristina Cifuentes. She's the founder and director of Oracle Labs Australia in Brisbane, and she has a Ph.D. in Computer Science. Her focus is security, and her work touches all of Oracle's core enterprise products.
It turns out that our paths crossed back at Sun Microsystems, where she worked in Sun Labs while I worked in Solaris engineering on the OpenSolaris project. Both of us were in the Bay Area at the time, but we never met. She was working on the Parfait vulnerability detection system, collaborating with the kernel developers to help find vulnerabilities in the operating system. Interesting that we finally meet all these years later at Oracle.
Back during the Sun days, Cristina and her team were developing new static code analysis techniques. She's continuing that work at Oracle Labs; the technology has advanced to include more intelligent application security techniques. The goal now is to look at running systems to find vulnerabilities. For example, to discover a potential attack at that precise moment when an application touches the database. No small task—modern enterprise systems can easily run tens of millions of lines of code with many complex third-party dependencies.
During our conversation we also talked about software development practices, particularly the differences in how engineers work on a typical software development team versus how computer scientists do research in a labs environment. There are some interesting distinctions in focus and processes at certain points that ultimately lead to collaboration across teams.
Although Cristina's past work has been internally focused on Oracle products, recently she and her team have been collaborating with the University of Queensland on cybersecurity projects. That work is ongoing and available as open source on GitHub and on the university's website.
Please do enjoy this conversation with Cristina. Hopefully over time, I'll get to meet more of the labs staff for more of these discussions.