« IMsafer - a good privacy/security trade off? | Main | "Modified" security professional »

Oracle - Sh!t List

Yet another reason that Oracle remains on my shit list:

Oracle has just released 101 patches. Yes, I said one hundred and one. Now I understand that they only release patches once a quarter, which in my mind only compounds this problem. Even at a monthly rate (like Microsoft), that pushing 30+ patches a month.

What DBA can evaluate 101 patches a quarter (or 30 in a month)? That is a huge amount of data to evaluate, test appropriately , and then deploy of hours. You do evaluate and test your patches before you put them in your production environment, right?

Now, I don't want to bash Oracle for releasing too many patches (although, woah, 101?), because I believe if you have a vulnerability (and can patch it) you should release the patch. However, how well written is Oracle it they have to release 101 patches at a whack?

The short of it: Oracle's patching strategy is a mess. I feel sorry for any Oracle DBA right about now.

Posted by Larry on October 18, 2006 08:44 PM |

Post a comment

(If you haven't left a comment here before, you may need to be approved by the site owner before your comment will appear. Until then, it won't appear on the entry. Thanks for waiting.)