Breaking News - Security:

Oracle Adopts New Quarterly Security Patch Process

Oracle notified its customers that it has implemented a new security patch process, based on quarterly Critical Patch Updates. The service will begin in 2005.

The comprehensive set of well-integrated patches will more efficiently address security vulnerabilities for Oracle and may include patches for Oracle Application Server, Oracle Database, Oracle E-Business Suite, Oracle Enterprise Manager and Oracle Collaboration Suite. The updates are scheduled to be issued to customers simultaneously via MetaLink, Oracle's support Web site, next year on Jan. 18, April 12, July 12 and Oct. 18.

"Organizations prefer regular, planned schedules for patching their information technology systems," said Mary Ann Davidson, chief security officer of Oracle Corp. "After surveying customers across a variety of industries it became evident that a quarterly process would best meet our customers' needs. The quarterly schedule strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities while making it easier for customers to manage the maintenance process."

The move to a quarterly schedule allows Oracle to satisfy customer demand while delivering three key benefits. Under the new program, organizations can plan configuration management rather than reacting to unscheduled "surprise" patch alerts. The fixed schedule also is designed to avoid common blackout dates, the time when customers will not update their systems. For example, many organizations are not allowed to update systems at the end of the quarter when they are closing their books. And, Critical Patch Updates help lower the cost of applying patches by delivering a single, well-integrated and well-tested patch that fixes multiple, high-priority vulnerabilities.