The "pre-release announcement" is similar to the approach Microsoft takes five days before its so-called Patch Tuesdays, delivered the second Tuesday of each month.
The brunt of the patches - 27 - is scheduled for Oracle Database vulnerabilities, 10 of which can be remotely exploited without user authentication. Another 12 fixes are slated for Oracle Application Server flaws, eight of which are open to remote attack.
Fixes also will be issued for the E-Business Suite, Enterprise Manager and PeopleSoft Enterprise solutions.
The new notification initiative follows a decision in October by Oracle to use the Common Vulnerability Scoring System (CVSS) to rate bugs, identify those flaws that are critical and remotely exploitable, and include a "high-level" overview of each defect and fix - again similar to Microsoft's approach.
Oracle has made efforts to improve communication with customers over security issues. At the start of last year, the company analyst-oracle-not-ball was heavily criticised within the industry because of the large numbers of fixes it was issuing, for delaying the release of other fixes and for not recommending necessary workarounds.
Click here to email reporter Dan Kaplan.
.png&h=140&w=231&c=1&s=0)
.png&w=100&c=1&s=0)
.png&w=120&c=1&s=0)
Tech in Gov 2025
Forrester's Technology & Innovation Summit APAC 2025
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
