Security

Oracle Patch Day Becoming Irrelevant

mocirac wak writes "Oracle's scheduled quarterly patch day is becoming more and more irrelevant. Oracle critical patches announced in the April 2006 CPU are still not available for download and the ETA is now set for May 15. The whole idea of a patch day was to let DBAs get prepared for testing and deployment. What's the use of having a patch day when there are no patches to download?" From the article: "... Oracle's explanation that patch testing is not yet done points to serious shortcomings and an absence of a good patch development process. 'For such a big organization with a lot of financial resources, they should be ready to handle this without problems. But they are amateurs on everything security related,' Cerrudo said. 'They spend a lot of time creating these patches. Then, patch day comes around and the patches aren't available. Then, when the patches are finally released, it's normal to find that they are incomplete and fail to address the actual vulnerability,' he added."
This discussion has been archived. No new comments can be posted.

  • From TFA (Score:2, Funny)

    by Aqua_boy17 ( 962670 ) on Friday May 05, 2006 @11:36AM (#15270407)
    "These aren't random complaints from unhappy researchers," Newman said, referring to the comments from Kornbrust and Cerrudo. "They need to admit their procedures aren't working and seek help getting it fixed."

    This Week on Ask Slashdot...

    'Larry' has a company that sells database software and he's trying to get developers to release security patches that are both trouble free and actually fix security holes and other problems...and then finally get them to do all of this on time.

    "Microsoft isn't good at security. We're good at that and I don't think sending a memo is going to help," 'Larry' states. Now he's turning to the /. community for help. So what advice can you give to 'Larry'?
  • by HarvardAce ( 771954 ) on Friday May 05, 2006 @11:44AM (#15270470) Homepage
    Is the timing of the patches really that much of an issue? Do people install the patches as soon as they are released? I only ask because at my company we are about 2 years behind in the patches (we are still using 9i and in some cases 8), due to an inherent distrust of the stability of a patch. Likewise, not many people are in a rush to install the latest service packs of Windows until all the flaws are worked out.

    I could be missing the point here, and these are minor (yet critical) patches, but if they are, how come they are taking so much time to develop?

  • Re:From TFA (Score:3, Funny)

    by LearnToSpell ( 694184 ) on Friday May 05, 2006 @11:44AM (#15270471) Homepage
    "Larry, have you tried PostgreSQL? It's fantastic, and free!"

  • by Matt Perry ( 793115 ) <perry.matt54@ya[ ].com ['hoo' in gap]> on Friday May 05, 2006 @11:55AM (#15270546)
    Unofficial patches available here: Mirror 1 [postgresql.org]. Mirror 2 [mysql.com].

    ;-)
