Call: +44 (0)1904 557620 Call

Pete Finnigan's Oracle Security Weblog

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

[Previous entry: "The Patch Impasse: Front line perspectives from enterprise IT"] [Next entry: "Cisco, others invest $6.3m in Guardium"]

Security Patch website

When Greg emailed me the pdf about the patch survey he also mentioned a website that his company sponsor called Security This site does not have a fantastic amount of content but it does include a very good set of pages that link to individual advisories for security bugs in Oracle, Microsoft, Apache, Linux and Sun. The Oracle page is of course of the most interest to us here. The Oracle patch page details all of the CVE references for bugs fixed in oracle CPU's and previous alerts. There is obviously not a complete cross reference against every bug fixed in each CPU and alert as Oracle never reveals this level of detail but the list is a good starting point. If you follow each CVE link you will find a page for each that often includes links to many other sources of information for each bug. Some link eventually to pages that include example exploits.