Article

Oracle emulates Microsoft with advance patch notice

Bill Brenner
Customers praised Microsoft when it started offering advance notification each month on what to expect for Patch Tuesday. Oracle Corp. hopes to duplicate that success with its own advance notification,

    Requires Free Membership to View

starting with one it released Thursday to describe planned fixes for next week.

A spokeswoman for the Redwood Shores, Calif.-based database giant said the advance summary is designed to help customers plan their patching schedules more efficiently. The move is also part of the company's larger effort to make its Critical Patch Updates (CPUs) easier to digest.

Oracle patch bulletins:

Podcast: The state of Oracle security (Nov. 1, 2006)

Podcast: Oracle's Darius Wiles on issues with its patch process (July 20, 2006)
 
Column: Oracle responds to security critics

News: Oracle bulletins will rank patches, offer more detail

Oracle's patching process has been criticized. Some security experts and database administrators have said the quarterly patch bulletins offered too few details on the nature of what was being fixed, and that some flaws weren't always fixed as advertised. Others have accused the company of sitting on flaws it has known about for a year or more.

The company took its first step toward improving the process last October, when it released a streamlined CPU bulletin that ranked the importance of the fixes and offered additional vulnerability details.

According to the advance bulletin released Thursday, Oracle will fix 52 flaws across its product line next week. This will include 27 fixes for flaws in Oracle Database products, 10 of which may be remotely exploitable without authentication; and 12 new fixes for flaws in the Oracle Application Server, eight of which may be remotely exploitable without authentication. Fixes are also expected for E-Business Suite, Enterprise Manager and PeopleSoft Enterprise.

"While this pre-release announcement is as accurate as possible at the time of publication, the information it contains may change before publication of the CPU advisory," Oracle said in the advance bulletin.


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: