Friday | 10 July, 2009
CSO
Oracle moves to monthly patching schedule
Scarlet Pruitt (IDG News Service) 23/08/2004 08:13:48

Weeks after coming under criticism for sitting on patches for multiple holes in its database software, Oracle has announced that it is moving to a monthly patch release schedule.

The company said that it is moving to the monthly model -- which has already been adopted by Microsoft -- because it believes that a predictable patch release schedule will be more convenient for its users.

"While it is challenging to produce all patch sets on a fixed schedule, we are confident that a regular patch schedule is the right thing for our customers," the company said in a statement released this week.

Oracle did not say when the monthly schedule would begin, and a representative for the company in London could not comment further on the matter.

The enterprise software vendor has generally been releasing patches when they are ready for all supported releases and platforms.

The change comes amid recent scrutiny of Oracle's security processes. Earlier this month, UK security researcher David Litchfield, of Next Generation Security Software, criticized the company for delaying the release of patches for 34 vulnerabilities discovered in its database software. At the time he said that patches had been ready for two months but they had not been released.

The move to monthly fixes is aimed at injecting some predictability to the patching process, and allows companies to test the fixes at once, rather than doing them one by one as they are released, according to Carole Theriault, A security consultant at Sophos.

"It's a very good way to do it if you're not dealing with very critical patches," Theriault said. "However, customers should be given the option of downloading a bug fix right away so they can deal with critical issues as soon as possible, and test patches before they go live on their system."

Microsoft moved from a weekly to a monthly patch release schedule late last year, in an effort to streamline its distribution and reduce the number of headaches faced by customers who had to test and apply patches on a weekly basis.

Software makers in general have tried to become more responsive to their customers' security needs amid the increase in threats, Theriault said.

"Everyone has upped their games," she said. "It's just good business sense."

More about Sophos, Next Generation Security Software, Microsoft, Oracle

Comments

Post new comment

Login or register to link comments to your user profile, or you may also post a comment without being logged in.
The content of this field is kept private and will not be shown publicly.
Enter the fully qualified URL, eg. http://www.example.com/
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd>
  • Lines and paragraphs break automatically.

More information about formatting options

Add to Google
Additional Resources
Newsletter Subscription
Sign up for our CSO Online newsletters!
RSS Feeds
Syndicate content
 
Get a job Careerone
Whitepaper


Read Whitepaper

State of Internet Security

Spyware, viruses and other malware transported via Web sites represent the most serious data threat to companies today. Read on find out how you can appropriately leverage technology and appropriate business technologies to protect your business.

Sponsored Links