News

Oracle moves to monthly patching

Weeks after coming under criticism for sitting on patches for multiple holes in its database software, Oracle has announced that it is moving to a monthly patch release schedule.

The company said it is making the change because it believes it will be more convenient for its users.

"While it is challenging to produce all patch sets on a fixed schedule, we are confident that a regular patch schedule is the right thing for our customers," the company said.

Oracle has generally released patches when they are ready for all supported releases and platforms.

The change comes amid recent scrutiny of its security processes.

Earlier this month, security researcher David Litchfield of Next Generation Security Software criticised the company for delaying the release of patches for 34 vulnerabilities discovered in its database software. At the time he said that patches had been ready for two months but had not been released.

The move to monthly fixes is aimed at injecting some predictability to the patching process, and allows companies to test all the fixes at once, rather than doing them one by one as they are released, according to Carole Theriault, security consultant at Sophos.

"It is a good way to do it if you are not dealing with critical patches," Theriault said. "However, customers should be given the option of downloading a bug fix right away so they can deal with critical issues as soon as possible, and test patches before they go live on their system."

Microsoft moved from a weekly to a monthly patch release schedule late last year in an effort to streamline its distribution and reduce the number of headaches faced by customers who had to test and apply patches on a weekly basis.

Scarlet Pruitt writes for IDG News Service


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy