Oracle joins the monthly patch bandwagon
Breaks cover
Posted in Enterprise Security, 19th August 2004 14:48 GMT
Free whitepaper – Solid State Drives and High-Speed Memory
Oracle is following Microsoft's lead in adopting as monthly patch cycle starting at the end of this month.
Like Microsoft before it, Oracle reckons a monthly patch schedule is easier for its customers. Oracle was heavily criticised earlier this month by UK-based Next Generation Security Software (NGS Software) for its delay in releasing fixes for 34 security vulnerabilities it had unearthed. Oracle is holding up the release of fixes - developed two months ago, according to NGS Software - until its new patch distribution system is ready to go live.
An Oracle spokeswoman broke the firm's silence on the issue by confirming to eWeek that NGS Software had discovered security vulnerabilities that affect Oracle Database, Oracle Application Server and Oracle Enterprise Manager. She declined to say how many bugs were involved.
Oracle is promising all the necessary patches will be ready by 31 August, at which point an alert will be issued, eWeek reports. Meanwhile NGS Software is using its research on Oracle vulnerabilities to develop an intrusion prevention system designed to protect Oracle database servers, to be called dbfw. ®
Related stories
Oracle 'sitting on security fixes'
Oracle 9i Database, Ap Server bust six ways to Sunday
How to hack unbreakable Oracle servers
Ballmer's new MS security fix same patches, but nicer
Free whitepaper – Ensuring service assurance in the new normal
Register Research on: Application Platforms
Secure Mobile Working
The Impact of IT Security Attitudes
The Evolving Security Landscape
The Register's Green Computing Debate
