Posted by: Derek Kuhr
Managing an Oracle shop, Oracle database administration
Oracle yesterday released its Critical Patch Update fixing vulnerabilities across its database and application product lines. But do Oracle database administrators really care?
The Oracle security update contained patches for 27 flaws, including eight flaws in Oracle Database, and six new security fixes for Oracle Application Server. The most serious database flaws included SQL injection vulnerabilities and an XML DB handling error.
Recent research, however, indicates that many DBAs may not install the new fixes at all. Database security company Sentrigo surveyed 305 DBAs, developers and consultants and found that two-thirds had never installed an Oracle critical patch update.
I’d like to hear from some DBAs on this topic. In your experience, is failure to implement these updates truly a common practice? Or do you think these survey results were skewed by the number of consultants and developers responding? Let me know what you think and we’ll hopefully use your comments in an upcoming news story.