Survey: Most Oracle Shops Don’t Mandate Security Patches
Heads up criminals with technical skills: Oracle products are wide open in most places! While 32% of these survey respondents are doing their cost-benefit analysis on patching their Oracle DBs, you could be stealing their data. A full 11% haven’t ever installed an Oracle patch. So get on the ball and get cracking…oh, you already have.
” ‘I think the feeling in those organizations is that since databases are a little more isolated than the desktop, there’s less of a [security] concern,’ said [Ian] Abramson, director of the enterprise data group at Thoughtcorp, an IT services firm in Toronto.”
No, Ian Abramson, it’s actually not the enterprises’ fault for mis-calculating the risk. They may have done so, but that’s not why these patches aren’t applied. Your aptly named cohort at the IOUG has it right:
“Patching databases in particular is a complex task that can require months of lab or and significant system downtime.” said Ian Abramson, the Independent Oracle Users Group’s president.
To recap, patches aren’t applied because it’s really hard to do so. Who makes it hard to apply the patches? The vendor does. Best thing Oracle could do for security would be to make applying patches easy…really easy.
Post a Comment