Oracle joins the monthly patch bandwagon
Breaks cover
Posted in Enterprise Security, 19th August 2004 14:48 GMT
Free whitepaper – The shortcut guide to managing certificate lifecycles
Oracle is following Microsoft's lead in adopting as monthly patch cycle starting at the end of this month.
Like Microsoft before it, Oracle reckons a monthly patch schedule is easier for its customers. Oracle was heavily criticised earlier this month by UK-based Next Generation Security Software (NGS Software) for its delay in releasing fixes for 34 security vulnerabilities it had unearthed. Oracle is holding up the release of fixes - developed two months ago, according to NGS Software - until its new patch distribution system is ready to go live.
An Oracle spokeswoman broke the firm's silence on the issue by confirming to eWeek that NGS Software had discovered security vulnerabilities that affect Oracle Database, Oracle Application Server and Oracle Enterprise Manager. She declined to say how many bugs were involved.
Oracle is promising all the necessary patches will be ready by 31 August, at which point an alert will be issued, eWeek reports. Meanwhile NGS Software is using its research on Oracle vulnerabilities to develop an intrusion prevention system designed to protect Oracle database servers, to be called dbfw. ®
Related stories
Oracle 'sitting on security fixes'
Oracle 9i Database, Ap Server bust six ways to Sunday
How to hack unbreakable Oracle servers
Ballmer's new MS security fix same patches, but nicer
Free whitepaper – Securing your Apache web server with a Thawte digital certificate


The best practices guide for application security
Avoiding 7 common mistakes of IT security compliance
The starter PKI program
Airport insecurity: the case of lost laptops
The mandate for application security
Google cloud told to encrypt itself
Chinese firm hits back at cyberspy claims
BlockMaster SafeStick hardware-encrypted USB drive