Feeds

Oracle moves to quarterly patch cycle

Extended delivery

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Oracle yesterday announced plans to adopt a quarterly security patch cycle. The enterprise software giant says that adopting a fixed delivery schedule will make it easier for customers to plan updates and thereby help them reduce costs.

The updates are scheduled to be issued to customers simultaneously via Oracle's support Web site, MetaLink, next year on 18 January, 12 April, 12 July and 18 October. Products to be covered under the new patching regime include Oracle Application Server, Oracle Database, Oracle E-Business Suite, Oracle Enterprise Manager and Oracle Collaboration Suite.

Oracle previously said it would issue patches monthly, like Microsoft, it's now come round to the view that once every three months is frequent enough. Oracle said that releasing security updates as a "single, well-integrated and well-tested patch that fixes multiple, high-priority vulnerabilities" will help to reduce the costs of applying patches.

"Organizations prefer regular, planned schedules for patching their information technology systems," said Mary Ann Davidson, Oracle's chief security officer. "After surveying customers across a variety of industries it became evident that a quarterly process would best meet our customers' needs. The quarterly schedule strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities while making it easier for customers to manage the maintenance process."

The software giant argues that reacting to unscheduled "surprise" patch alerts makes this difficult for customers. Whilst there's some truth in this Oracle ought to consider the impact of having an unfixed security bug across its customer base for months on end. Oracle's public pronouncement doesn't give much room for manoeuvre but we hope database giant has the good sense to issue an emergency fix in circumstances where a security flaw is been actively exploited. ®

Related stories

Oracle joins the monthly patch bandwagon
Oracle's first monthly patch batch fails to placate critics
Oracle 'sitting on security fixes'
Ballmer's new MS security fix same patches, but nicer
MS debuts 'forthcoming attractions' pre-alert alert

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Putin: Crack Tor for me and I'll make you a MILLIONAIRE
Russian Interior Ministry offers big pile o' roubles for busting pro-privacy browser
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.