Friday, February 27, 2009
"A continuing lack of corporate mandates to quickly install Oracle Corp.'s security patches may be leaving many Oracle database installations exposed to vulnerabilities for extended periods of time, according to survey results released on Wednesday.
"In a pair of online surveys that were jointly conducted between May and August of last year by the International Oracle Users Group (IOUG) and Oracle, only 26% of the 150-plus respondents said that their companies required the software vendor's quarterly patch updates to be applied on all systems as soon as they're released.
"Another 6% said they're required to install Oracle's Critical Patch Updates (CPU) on critical systems only, the IOUG and Oracle wrote in a report. Meanwhile, 30% said their companies didn't have any specific policies in regards to Oracle's patches, while 32% said their policies required database administrators to do either risk or cost-benefit analyses in order to justify the installation of patches in production databases."
More at ComputerWorld...