Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "An excellent post by Lucas about object chnages and RSS feeds"] [Next entry: "Security Patch website"]

The Patch Impasse: Front line perspectives from enterprise IT

I was emailed a very interesting paper by Greg Ness of Bluelane the other day titled "The Patch Impasse: Front line perspectives from enterprise IT" and Greg has kindly allowed me to post it here in my blog. There are also similar papers available on the Blue Lane website.

This paper describes a survey of organisations during 2006 to understand the issues facing managers around the problems of whether to patch or not to patch. The paper starts with a profile of the respondents of the survey, it then goes on to talk about the demands of patching, the top concerns relating to patching, organisation concern about un-patched servers, records on patches for audits, downtime of critical servers when patching, high availability of business applications that rely on servers. The conclusion, I will leave you to read but I guess its obvious anyway.

This is an interesting paper for me as it shows what customers of packaged software solutions that do provide security patches think about the issues of patching.