Security

Oracle Patch Day Becoming Irrelevant

mocirac wak writes "Oracle's scheduled quarterly patch day is becoming more and more irrelevant. Oracle critical patches announced in the April 2006 CPU are still not available for download and the ETA is now set for May 15. The whole idea of a patch day was to let DBAs get prepared for testing and deployment. What's the use of having a patch day when there are no patches to download?" From the article: "... Oracle's explanation that patch testing is not yet done points to serious shortcomings and an absence of a good patch development process. 'For such a big organization with a lot of financial resources, they should be ready to handle this without problems. But they are amateurs on everything security related,' Cerrudo said. 'They spend a lot of time creating these patches. Then, patch day comes around and the patches aren't available. Then, when the patches are finally released, it's normal to find that they are incomplete and fail to address the actual vulnerability,' he added."
  • "Oracle promised them on May 1. Now they are saying some will come on May 10 and others will come on May 15. It's clear they are having big problems," Cerrudo said.

    He said Oracle's explanation that patch testing is not yet done points to serious shortcomings and an absence of a good patch development process.

    "For such a big organization with a lot of financial resources, they should be ready to handle this without problems. But they are amateurs on everything security related," Cerrudo said.

    "They spend a lot of time creating these patches. Then, patch day comes around and the patches aren't available. Then, when the patches are finally released, it's normal to find that they are incomplete and fail to address the actual vulnerability," he added.

    Oracle has been falling down on the job for years, making it virtually impossible for DBAs to keep up with patches and keep their systems tuned. They hem and haw, obfuscate and prevaricate, and still manage to retain their commanding market share. Sound like anyone else we know?

    Again, Oracle should have gotten into the Linux biz 5 years ago -- now it's too late. At this point they should think about cleaning their own house and stay out of the OS business until they have a firm grip on their DB. This constant inability to stay on top of critical problems points to a wider, systemic problem that would infect any Linux development program they acquired. Time for Larry Ellison to retire to a tiny island in the Pacific somewhere and let some new blood fix Oracle before it implodes under its own weight and becomes an IT black hole.

  • by mabu ( 178417 ) on Friday May 05, 2006 @11:27AM (#15270344)
    I worked on a big project involving Oracle software and after a lot of research, we decided to only use the core database and write our own interfaces to more reliable, more secure open-source systems. When I discovered how convoluted the company's own product line and support process was, I dumped the stock. It doesn't surprise me one bit that they can't meet deadlines of this nature. The internal structure of the organization from my perspective was always a bloody mess.
  • by neelm ( 691182 ) <michael.neel@gmail.com> on Friday May 05, 2006 @01:31PM (#15271476) Homepage
    How we got this far on the myth that software development can't be controlled is beyond me. Some old-fashioned project management will keep any project on track, but we devs have managed to convince the managers that software development can't be estimated. Construct a skyscraper and it's no problem to have a timeline, but code an app... whoa, that has so many issues. Does construction have zero surprises along the way?

    The truth of the matter is development is slow from lack of focus, and it starts with us the developers. Put down the damn Ruby on Rails book and focus on the language and tools you are actually using. (you can still do all the ruby you want at home). If ruby makes sense, then the company as a whole will move to it so we can all focus on it, but as long as you "do your own thing" you are part of the problem.

    Oracle has the people, the money, and yes - the time. If it's still not working, then they don't have the method. Software development is not a special and unique snowflake - it can be managed like everything else.
