Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "Computer World is also talking about CPU July 2005"] [Next entry: "Oracle Simplifies SOA Security"] has a good news story about CPU July 2005

Shawna McAlearney, a news editor with com has written a nice article titled "Oracle issues patches, but misses the mark, again". This news article is good because its the first I have seen that expresses some opinion and of course because it quotes me..:-) - well maybe not!

The article starts by saying how many bugs have been fixed and also the fact that many outstanding security bugs have not been fixed and a second concern that at least one fix from the last patch didnít work. Then there are some quotes from me and then from David Litchfield and finally from Cesar Cerrudo who recommends that the patch sets should not be installed on a production server until they have been tested for a few months. I am not sure I would go this far. Installing the patches even if some fixes do not work as announced as seen in the last couple of weeks for the last patch set is surely better than not installing at all. The patch sets will fix more than they miss. Although I can see Cesars point of view that if even one bug fix does not work properly then the patch is essentially useless. It is all down to Q&A as Cesar says.

Read Shawna's article, itís very good. I also updated my Pete Finnigan in the news page.