Oracle is to make its security patching notes easier to understand and to rate the severity of each threat clearly...
for the first time, making the patching job of IT administrators much easier.
The changes will come into force with the company’s next security patching release on Tuesday.
Up to now, administrators have had to use complicated assessment matrices supplied by Oracle to help them consider, plan and distribute security patches.
Since Oracle released 65 patches in its last update in July, this had become no easy task for administrators.
With Oracle’s 17 October Critical Patch Update, it will introduce three major enhancements in its documentation.
Oracle is adopting the Common Vulnerability Scoring System (CVSS), which is used by other suppliers, such as IBM; it will also specifically identify those critical vulnerabilities that may be remotely exploitable without requiring authentication to the targeted system; and it will provide an executive summary of the security vulnerabilities addressed in the update.
CVSS is designed to provide a means of assessing vulnerabilities based on how critical they are in a specific environment..
Oracle said the "plain English" explanations of the vulnerabilities in the update summaries could be used to brief executive management and other non-IT groups on the nature of the defects to be patched.
This will help organisations assess their preparedness for the updates, said Oracle.