http://www.nwfusion.com/news/2004/1118orpatch.html By Ellen Messmer Network World Fusion 11/18/04 Oracle plans to begin issuing cumulative software patches for Oracle Database, E-Business Suite, Application Server, Oracle Enterprise Manager and Collaboration Suite on a quarterly basis beginning Jan. 18. Oracle's three other scheduled patch-release dates in 2005 are April 12, July 12 and Oct. 18. Oracle's chief security officer, Mary Ann Davidson, said the quarterly software patch releases will address any needed security fixes as well as general non-security-related changes in Oracle products. The planned quarterly software releases, which Oracle is calling "Critical Patch Updates," are intended to make it easier for Oracle customers to handle the software-maintenance process. Patching typically requires shutting down servers and other systems to install new software code, a process that Oracle customers may be especially reluctant to do during certain business periods, such as when they're closing their books at the end of a financial quarter, Davidson said. Oracle for the first time in its history selected four specific days it intends to release cumulative patches for its products to help customers plan ahead and keep the disruption caused by patching to a minimum. However, Davidson noted that Oracle would make an exception to its quarterly update schedule in the event that the software company had to issue a "high-severity security alert" due to a vulnerability discovered in any Oracle product, particularly if an exploit for it were known to be in the wild. For this kind of "one-off patch," said Davidson, "We don't want our customers to wait for months." In general, though, if customers decide they don't want to apply any software patches issued Jan. 18, for whatever reason, they can wait until the next scheduled update, which would come April 12. At that time, any software changes issued in the January patch would also be included in the April patch. Davidson said the fixed schedule will help Oracle produce a single, well-integrated and well-tested patch. _________________________________________ Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/
This archive was generated by hypermail 2.1.3 : Fri Nov 19 2004 - 03:37:01 PST