Bigger is not necessarily better, but it's beginning to look like Oracle will release a monster Critical Patch Update (CPU) every quarter. These security updates affect databases, networking components, operating systems, applications server, Java, and ERP systems, leaving IT administrators to wrestle with the task of testing, verifying, and deploying several dozen patches in a timely manner.
The CPU is getting bigger -- the average number of vulnerabilities patched in 2014 and 2015 was 128 and 161, respectively, compared to this year's average of 228 vulnerabilities -- but most of the focus remains on the company's middleware products. Of the 253 security flaws fixed in the October Critical Patch Update (CPU), Oracle Database, MySQL, Java, Linux and virtualization products, and the Sun Systems suite accounted for only one-third of the patches. Oracle addressed 12 vulnerabilities in its core Oracle Database Server, 31 in the MySQL database, seven in Java SE, 13 in Oracle Linux and virtualization products, and 16 in the Sun Systems suite, which includes Solaris and Sparc Enterprise.
To read this article in full or to leave a comment, please click here