Oracle goes quarterly for critical patches

Oracle today notified its customers that it will revise its security patching process next year by introducing quarterly critical patch updates.

The database giant claimed that the programme will allow organisations to better plan configuration management, rather than having to deal with the current unscheduled 'surprise' patch alerts.

According to the firm, a "comprehensive set of well-integrated patches will more efficiently address security vulnerabilities for Oracle".

The service will cover patches for Oracle Application Server, Database, E-Business Suite, Enterprise Manager and Collaboration Suite.

The updates are scheduled to be issued to customers simultaneously via Oracle's MetaLink support website next year on 18 January, 12 April, 12 July and 18 October.

"Organisations prefer regular, planned schedules for patching their IT systems," said Mary Ann Davidson, chief security officer at Oracle.

"After surveying customers across a variety of industries it became evident that a quarterly process would best meet our customers' needs.

"The quarterly schedule strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities, while making it easier for customers to manage the maintenance process."

Oracle added that the fixed schedule would help avoid common blackout dates, the times when customers will not update their systems.

The announcement comes a week after Oracle's refusal to release more specific information about a recently uncovered 'Severity 1' security vulnerability was slammed by Gartner for leaving the firm's customers open to increased risks.