Oracle simplifies security patching process


Oracle simplifies security patching process

Antony Savvas

Oracle is to make its security patching notes easier to understand and to rate the severity of each threat clearly for the first time, making the patching job of IT administrators much easier.

The changes will come into force with the company’s next security patching release on Tuesday.

Up to now, administrators have had to use complicated assessment matrices supplied by Oracle to help them consider, plan and distribute security patches.

Since Oracle released 65 patches in its last update in July, this had become no easy task for administrators.

With Oracle’s 17 October Critical Patch Update, it will introduce three major enhancements in its documentation.

Oracle is adopting the Common Vulnerability Scoring System (CVSS), which is used by other suppliers, such as IBM; it will also specifically identify those critical vulnerabilities that may be remotely exploitable without requiring authentication to the targeted system; and it will provide an executive summary of the security vulnerabilities addressed in the update.

CVSS is designed to provide a means of assessing vulnerabilities based on how critical they are in a specific environment..

Oracle said the "plain English" explanations of the vulnerabilities in the update summaries could be used to brief executive management and other non-IT groups on the nature of the defects to be patched.

This will help organisations assess their preparedness for the updates, said Oracle.

Email Alerts

Register now to receive IT-related news, guides and more, delivered to your inbox.
By submitting your personal information, you agree to receive emails regarding relevant products and special offers from TechTarget and its partners. You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

COMMENTS powered by Disqus  //  Commenting policy