Oracle implements security warning programme

Oracle has started to issue so-called pre-release announcements ahead of its quarterly patch releases.

The warnings provide IT staff with information about the applications that the enterprise software vendor plans to patch, as well as the number of security fixes that will be distributed and the Common Vulnerability Scoring System code (CVSS) for the most severe fix in each major product category.

Pre-release information for Oracle's January 16 patch is currently posted on the vendor's website. The database and enterprise software vendor plans to issue 52 security updates. 

Microsoft pioneered the practice of sending out pre-release warnings to allow IT support staff to prepare for upcoming patch releases.

Oracle's decision comes nearly two months after security researchers with NGS Software compared the security record for the firm's database to that of Microsoft's SQL Server and found that Microsoft was trailing far behind Microsoft.

Researcher David Litchfield at the time warned that Oracle's security practices have failed to keep up with the evolution in security threats.

The NGS report wasn't the first to poke holes in Oracle's security record.

The firm over the past years has made several changes to it security practices. Among things it has adopted a regular patch release cycle to help IT staff plan and prepare for new updates.

Copyright ©v3.co.uk

oracle security security