Podcast: The state of Oracle security

In October, Oracle released its quarterly patch update, which fixed 101 flaws across its product line. The release was made with a streamlined bulletin offering more detail on the flaws and their severity. The changes were in response to feedback from customers who have found past bulletins overly complicated and short on specifics. Oracle DBA Jon Emmons discusses the state of Oracle security with Senior News Writer Bill Brenner. Emmons is the keeper of a popular blog called "Life After Coffee," which focuses on Oracle security and other topics.

  Program highlights: 

  • (1:03) Introduction of DBA Jon Emmons.

  • (1:23) What are your initial observations on the new look of the CPU bulletin? Did you find this bulletin easier to digest than past releases?

  • (1:51) Do you agree with some of the security experts in the past who really railed against these bulletins being hopelessly complicated and hard to digest?

  • (2:40) As a database administrator, do you think you have a long task ahead of you getting your systems patched, or is this latest bulletin par for the course?

  • (3:13) From beginning to end, how long does it take from the time the CPU is released to the time that you have all of the patches deployed?

  • (3:42) Oracle has taken a lot of flak in the past from experts who say the company sits on flaws for too long and often doesn't properly fix something as advertised. Is that a fair assessment or is Oracle getting unfair criticism?

  Program links:

  • Oracle bulletins will rank patches, offer more detail: Oracle has been criticized in the past for releasing complex security bulletins that are hard to decipher. The streamlined bulletins will be easier to digest, the company says.

  • Oracle DBAs mixed on security progress: Some DBAs praise Oracle for its revamped patch bulletins, but others say the database giant's patching process still leaves much to be desired.

  • Security Wire Weekly: Oracle's Darius Wiles: Oracle's Darius Wiles discusses the database giant's vulnerability patching process and the criticisms levied against it.

  • Oracle fixes 101 flaws: Attackers could exploit 45 of the 101 flaws remotely without a username or password. Meanwhile, the new CPU offers more detail on the number of flaws patched and their severity.

  • Oracle owns up to patching problems: Database giant Oracle Corp. has faced mounting criticism of its security patching process during the last two years.

  • Information Security podcasts: Visit SearchSecurity's podcast archive.