severity. The changes were in response to feedback from customers who have found past bulletins overly complicated and short on specifics. Oracle DBA Jon Emmons discusses the state of Oracle security with Senior News Writer Bill Brenner. Emmons is the keeper of a popular blog called "Life After Coffee," which focuses on Oracle security and other topics.
(1:23) What are your initial observations on the new look of the CPU bulletin? Did you find this bulletin easier to digest than past releases?
(1:51) Do you agree with some of the security experts in the past who really railed against these bulletins being hopelessly complicated and hard to digest?
(2:40) As a database administrator, do you think you have a long task ahead of you getting your systems patched, or is this latest bulletin par for the course?
(3:13) From beginning to end, how long does it take from the time the CPU is released to the time that you have all of the patches deployed?
(3:42) Oracle has taken a lot of flak in the past from experts who say the company sits on flaws for too long and often doesn't properly fix something as advertised. Is that a fair assessment or is Oracle getting unfair criticism?
Oracle fixes 101 flaws: Attackers could exploit 45 of the 101 flaws remotely without a username or password. Meanwhile, the new CPU offers more detail on the number of flaws patched and their severity.