[ISN] Oracle patching fewer database flaws as it adds more products

From: InfoSec News <alerts_at_private>
Date: Thu, 20 Jan 2011 05:10:46 -0600 (CST)
http://www.computerworld.com/s/article/9205560/Oracle_patching_fewer_database_flaws_as_it_adds_more_products

By Jaikumar Vijayan
Computerworld
January 19, 2011

Oracle Corp.'s ability to address vulnerabilities in its core database 
technologies may be hampered by the vast number of products the company 
now must manage, security experts say.

For example, the list of Oracle's quarterly security updates released 
Tuesday includes only six patches for security flaws in the company's 
flagship database products. The other 60 patches released fix bugs in 
Oracle's Fusion middleware technologies, its supply chain and CRM 
software and products gained from its acquisition of Sun Microsystems 
early last year.

The small number of database patches doesn't necessarily mean that the 
Oracle technology is becoming more secure, said Alex Rothacker, director 
of security at Application Security Inc.'s Team Shatter vulnerability 
assessment group.

Rather, it likely shows that the company doesn't have the capacity to 
fix the full list of Oracle database flaws reported to it in a timely 
fashion, said Rothacker, whose team of researchers discovered three of 
the six database flaws addressed in this week's update.

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Thu Jan 20 2011 - 03:10:46 PST

This archive was generated by hypermail 2.2.0 : Thu Jan 20 2011 - 03:17:54 PST