infosec-news January 2011 archive

[ISN] Oracle patching fewer database flaws as it adds more products

From: InfoSec News <alerts_at_nospam>
Date: Thu Jan 20 2011 - 11:10:46 GMT

By Jaikumar Vijayan
January 19, 2011

Oracle Corp.'s ability to address vulnerabilities in its core database
technologies may be hampered by the vast number of products the company
now must manage, security experts say.

For example, the list of Oracle's quarterly security updates released
Tuesday includes only six patches for security flaws in the company's
flagship database products. The other 60 patches released fix bugs in
Oracle's Fusion middleware technologies, its supply chain and CRM
software and products gained from its acquisition of Sun Microsystems
early last year.

The small number of database patches doesn't necessarily mean that the
Oracle technology is becoming more secure, said Alex Rothacker, director
of security at Application Security Inc.'s Team Shatter vulnerability
assessment group.

Rather, it likely shows that the company doesn't have the capacity to
fix the full list of Oracle database flaws reported to it in a timely
fashion, said Rothacker, whose team of researchers discovered three of
the six database flaws addressed in this week's update.

