EmailSafety.net - Most Oracle database shops don't mandate security patch use

Most Oracle database shops don't mandate security patch use

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Recent News

A continuing lack of corporate mandates to quickly install Oracle's security patches may be leaving many Oracle database installations exposed to vulnerabilities for extended periods of time, according to survey results released on Wednesday.

Database expert: Oracle behind Microsoft on patch management

In a pair of online surveys that were jointly conducted between May and August of last year by the International Oracle Users Group (IOUG) and Oracle, only 26% of the 150-plus respondents said that their companies required the software vendor's quarterly patch updates to be applied on all systems as soon as they're released.

Another 6% said they're required to install Oracle's Critical Patch Updates (CPU) on critical systems only, the IOUG and Oracle wrote in a report . Meanwhile, 30% said their companies didn't have any specific policies in regards to Oracle's patches, while 32% said their policies required database administrators to do either risk or cost-benefit analyses in order to justify the installation of patches in production databases.

Related Content

In addition, the survey results showed that most of the respondents were months or even more than a year behind Oracle's patch releases. Only 30% said they typically installed patches before the vendor released its next CPU, according to the report. Twenty-five percent said they were one cycle, or three to six months, behind in installing the patches, while 26% said they were two to four cycles behind. Another 11% said they hadn't installed any of Oracle's patch updates on their systems.

Oracle, which initiated its quarterly patching schedule in early 2005, typically issues dozens of patches across its entire product suite as part of the CPUs. But applying patches to production databases is a complex and time-consuming task that can require months of labor and significant system downtime - leaving many companies slow to install CPUs or reluctant to do so at all.

While the new survey results are likely to raise some alarms from an IT security standpoint, they're actually better than the ones contained in a report released early last year by Sentrigo Inc., a vendor of database security tools in San Mateo, Calif. Sentrigo reported that more than two-thirds of the Oracle DBAs it polled over a six-month period - 206 out of 305 - said they had never installed an Oracle patch on their database servers, no matter how critical the vulnerabilities that were being patched.

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites