It's a fact of life: software is never finished. It's either buggy or not secure. Microsoft issues patches monthly, some companies even more often. Oracle seems to take a more leisurely pace, issuing patches only quarterly. There was only one product that strikes me as being finished, and that was MS-DOS 2.1. Of course, that was a while ago.
For July, Oracle issued 23 “Category I” patches, for “products that are in Premier Support or Extended Support, under the Oracle Lifetime Support policy.” Check out the complete July 2008 patch list. The products covered include the core database, the application sever, E-Business suite, enterprise manager, PeopleSoft, JD Edwards, and BEA. Some patches are cumulative, others are not, complicating matters a bit. Also, for your reading pleasure, Oracle thoughtfully provides risk matrices to keep you busy.
You'll be pleased to know that Oracle acknowledges its software isn't finished by announcing its critical patch update schedule a full year in advance. Mark your calendars now, boys and girls, for Oct. 14, 2008; Jan. 13, 2009; April 14, 2009; and July 14, 2009.
Even better, if you're lucky enough to discover a vulnerability, Oracle will publish your name. O, happy day.
Well, yeah, I'm having a little fun at Oracle's expense, but in all seriousness, it's critical to stay up to date with vulnerabilities and fixes, even if you don't sell or support Oracle products. Why? The simple answer is that a product you do sell or develop is likely to interact with an Oracle database, server, or something else. Knowing what’s broken at Oracle (or Microsoft, or Apple, or HP, or Red Hat, or a thousand other companies) is essential to keeping your own products running trouble free. Happy reading.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
