Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "eweek article on alert #68 discusses public exploit availability"] [Next entry: "computerworld have also picked up the patch quickly story"]

where is the next monthly patch?

The more interesting question not alluded to in Lisa Vaas's eweek article is where is the next monthly patch. Oracle brought out patches for alert 68 saying that this is the first of the new monthly patch release plan. This patch was out on August 31 and we have not seen the next monthly patch yet and its now half way through October. I have heard that a number of big companies have complained about the amount of work involved in a monthly patch release schedule. Possibly Oracle could compromise between a monthly schedule which could cripple large companies with lots of databases and the original more hap-hazard schedule of security releases. A quarterly release schedule would be better for companyís staff time budgets needed for installation and testing but would not deliver the advantage of security fixes being available monthly. Itís all about compromises I suspect!