12 Jan 2007
Oracle has started to issue pre-release announcements ahead of its quarterly patch updates.
The warnings provide IT staff with information about the applications that the enterprise software vendor plans to patch.
They also list the number of security fixes that will be distributed, and the Common Vulnerability Scoring System code for the most severe fix in each major product category.
Pre-release information for Oracle's 16 January patch is currently posted on the vendor's website. The database and enterprise software vendor plans to issue 52 security updates.
Microsoft pioneered the practice of sending out pre-release warnings to allow IT support staff to prepare for upcoming patch releases.
Oracle's decision comes nearly two months after security researchers at NGS Software compared the security record for the firm's database to that of Microsoft's SQL Server and found that Oracle was trailing far behind Microsoft.
Researcher David Litchfield warned at the time that Oracle's security practices have failed to keep up with the evolution in security threats.
The NGS report was not the first to poke holes in Oracle's security record. The firm has made several changes to its security practices in recent years, and has adopted a regular patch release cycle to help IT staff plan and prepare for new updates.
A good step forward, but....
This is another step in the right direction by Oracle. As ever, forewarned is forearmed - and this move allows IT managers to get to grips earlier with essential patching. But users need to beware: it's not the vendor vulnerabilities they need to focus on but the critical weaknesses in their development processes. The bottom line: the most critical attacks to databases right now - such as SQL injections - don't exploit vendor vulnerabilities. It's incorrect filtering of SQL queries that allows an attacker to make his targeted strike on the database. The continuous pressure on developers to drag more and more functionality out of their database should be a much greater cause for concern. Deployment errors caused by poorly configured databases, inappropriate access permissions or badly engineered applications accessing the database are what system owners really need to focus on.
Posted by: Steve Moyle, CTO, Secerno 15 Jan 2007