Tuesday, January 15, 2008

Most Oracle Admins don't patch security flaws

As of January 2005, Oracle provides Critical Patch Updates on Metalink every quarterly schedule to address significant security flaws and recommended updates (required for security fixes). So, how is this all working out? Well, see for yourself...

"Complexity of task makes admins not want to bother":
This research shows that "Two-thirds of Oracle DBAs don't apply security patches"

2/3? IMHO it's more like 9 out of.. 8.

""In fact, a good two-thirds of all Oracle DBAs appear not to be installing Oracle's security patches at all, no matter how critical the vulnerabilities may be, according to survey results from Sentrigo Inc., a Woburn, Mass.-based vendor of database security products.""