Login, change your address, subscribe to new or manage current magazines or e-newsletter subscriptions
IT World Events
Site Map - Affiliates
ComputerWorldNetwork WorldCIO CanadaCIO Canada Governments' ReviewJobUniverse Canada
Enter your  QUICKLINK number to go directly to that article.
Advanced Search
Knowledge Centres
Content Types
Featured White Papers
Unlock the potential of data with the right data warehouse solutionUnlock the potential of data with the right data warehouse solution
Provided by: IBM
read more
IBM Multiform Master Data Management: The evolution of MDM applicationsIBM Multiform Master Data Management: The evolution of MDM applications
Provided by: IBM
read more
Closing the data privacy gap: Protecting sensitive data in non-production environmentsClosing the data privacy gap: Protecting sensitive data in non-production environments
Provided by: IBM
read more
Yuk it Up
Act to Amend the Copyright Act
Want a copyright law that protects spyware and virus writers? If not, sign our petition to amend Bill C-61
Featured IT Quiz
IT Quiz: Test yourself to see if you have the knowledge to fit into the open source world, and compare yourself with the rest of the respondents
Featured White Papers
This white paper details Intel's current and future energy-saving initiatives to reduce costs and support business goals. Learn how Intel IT is extending its efforts to be a role model enterprise IT organization by supporting the Climate Savers Computing Initiative, which aims to drive a 50 percent reduction in computer-related CO2 emissions worldwide. No registration required.
Oracle to deliver security patches quarterly
Page 1 of 1

Oracle to deliver security patches quarterly

By: Joris Evers - IDG News Service  (10 Dec 2004)

In a move intended to be customer focused, Oracle Corp. will provide security patches for all of its products on a quarterly basis starting Jan. 18.

The patches will include fixes for significant security vulnerabilities and updates that are needed to prevent patch conflicts, Mary Ann Davidson, Oracle’s chief security officer, said in a recent conference call with reporters.

In the past, Redwood Shores, Calif.-based Oracle generally released patches when these were ready for all supported product releases and platforms. This meant users may have been caught off-guard and had to drop other work to patch their systems.

Oracle had been mulling a regular delivery model for patches for the last year or so, according to Davidson. In August the company appeared to have opted for a monthly release cycle, similar to the one used by Microsoft Corp.

“When we talked to customers, they said they did not want to patch their systems once a month,” Davidson said. “We felt quarterly seemed to be a schedule that customers could live with.”

The dates on the patching calendar were chosen to provide a schedule that works for most customers, Davidson said. It avoids periods when customers don’t want to patch their systems because they are, for example, closing their books, she said.

Unlike Microsoft, which gives premium customers a heads up on patch releases, Oracle will seek to offer a level playing field. “I will not provide either selective information to some customers and not others or heads up to some customers and not others,” she said. Too many companies run mission-critical apps on Oracle’s software for it to take this stance, she said.

Oracle’s quarterly cycle is not set in stone. The company will issue a patch early if there is an imminent threat of a serious security flaw being exploited, Davidson said. The threshold is that there is no work-around for the vulnerability and exploits exist, she said. “In that case we don’t want to make customers wait for three months and of course customers don’t want to wait for three months,” she said.

Mike Murray, director or vulnerability research at nCircle Network Security Inc., a provider of vulnerability management services based in San Francisco, is pleased with Oracle’s move to quarterly patching.

“It is excellent. It really puts the appropriate emphasis on the importance of the patch cycle for IT departments. Now that it is predictable, it allows you to more efficiently and effectively allocate security resources around your Oracle infrastructure,” Murray said. “In the past, the announcements would come out whenever Oracle was ready, so you would come in to work one day and all of a sudden you had to run around and patch your Oracle servers.”

“I think they should monitor it for about a year and see how it goes,” said Craig Read, the president of the Toronto Oracle User Group.

“Oracle, in general, is a pretty secure architecture so I think quarterly is about right.” Also, because the software is often running mission critical apps, a release more often would make it difficult to do proper testing, he said.

— with files from Chris Conrath

Page 1 of 1
Send to a Friend  Rate This Page  Print This PageAdd a new comment
Bookmark this article on:
del.icio.us| Digg it| Furl| Google| Technorati| StumbleIt| Yahoo!

Have something to say about this article? Add a new comment

If you find a comment inappropriate, You can notify the moderator by clicking the Report an innapropriate comment icon.
ADD A COMMENT
Name:*Your email address will not appear online and will be used only in the event that the editor wishes to contact you personally for additional comment.
City:
Email:
Title:*
Comment:*
* required fields



Special Advertising Partners
IDC Case Study: Identity And Access Management Buying Criteria.
IDC analyses IAM buying criteria and deployment at Coppin State University. Coppin State replaces "first generation" IAM solution to obtain benefits needed for today's agile enterprise: ease of integration, rapid deployment, simplified compliance, flexibility.
White Papers
Closing the data privacy gap: Protecting sensitive data in non-production environments
How can IT organizations protect sensitive data, including employee and customer information, as well as corporate confidential data and intellectual property? Industry analysts recommend "de-identifying" or masking data as a best practice for protecting privacy. This white paper explains the importance of closing the data privacy gap in non-production environments, and provides guidance on effective data masking. Complimentary with registration. Sponsored by IBM.
Unlock the potential of data with the right data warehouse solution
Once you've made the decision to implement a new data warehouse, you want to make sure you choose the one that's right for your organization. This buyer's guide provides checklists for starting points that you can use when evaluating vendors and their products. Complimentary with registration. Sponsored by IBM.
Prepare for a more efficient SAP implementation: Take data issues off the critical path
This white paper outlines how the Preliminary Data Assessment Appliance (PDAA) from IBM can help address the challenges of integrating data from different operational applications across the enterprise to an SAP platform. Complimentary with registration. Sponsored by IBM.
Copyright InformationPrivacy Policy Site MapAbout UsMedia CentreReprint ServicesMobileFeedbackContact Us
PC World CanadaIntergovworld.comIT Vendors DirectoryBio-IT WorldCIO TitlesCMOComputerWorld TitlesCSO
GlossaryDarwinGameProInfoworldGames.netITJobUniverseJavaWorldMacCentral
MacWorldNetwork World TitlesPCWorldPlaylistIDG WorldWide Network
©2008 ITworldcanada.com All rights reserved.