Oracle no longer a bastion of security

Gartner Inc. has warned that Oracle Corp. databases no longer deserve their reputation for security and advised systems administrators to do more to protect their systems.

Analyst Rich Mogull came out with the warning last month, a few days after Oracle released its latest round of patches for a large number of serious security problems.

“Oracle can no longer be considered a bastion of security,” he said in a research note.

The patches fixed 82 vulnerabilities across Oracle’s various product lines, with the flagship database alone counting 37 bugs, some of which could allow remote access to databases.“The range and seriousness of the vulnerabilities patched in this update cause us great concern,” Mogull said.

“Oracle has not yet experienced a mass security exploit, but this does not mean that one will never occur.”He said administrators often neglect to patch regularly because of Oracle’s historically strong security and the fact that Oracle applications and databases are often not directly exposed to the outside world.

“Moreover, patching is sometimes impossible, due to ties to legacy versions that Oracle no longer supports,” Mogull said.

Administrators need to wake up, however, to the fact that they are no longer secure, with Oracle vulnerabilities being discovered and disclosed increasingly often, and more exploit tools and proof of concept code circulating online he added.

Gartner recommends administrators to shield their systems with technologies such as firewalls and intrusion prevention systems, apply patches as quickly as possible, and also to use security monitoring tools and other supplemental security methods.

QuickLink: 065595