Podcast: The state of Oracle security

In this edition of Security Wire Weekly, Oracle DBA Jon Emmons gives his observations about Oracle's new critical patch update format.

In October, Oracle released its quarterly patch update, which fixed 101 flaws across its product line. The release was made with a streamlined bulletin offering more detail on the flaws and their severity. The changes were in response to feedback from customers who have found past bulletins overly complicated and short on specifics. Oracle DBA Jon Emmons discusses the state of Oracle security with Senior News Writer Bill Brenner. Emmons is the keeper of a popular blog called "Life After Coffee," which focuses on Oracle security and other topics.

  Program highlights:  

  • (1:03) Introduction of DBA Jon Emmons.

  • (1:23) What are your initial observations on the new look of the CPU bulletin? Did you find this bulletin easier to digest than past releases?

  • (1:51) Do you agree with some of the security experts in the past who really railed against these bulletins being hopelessly complicated and hard to digest?

  • (2:40) As a database administrator, do you think you have a long task ahead of you getting your systems patched, or is this latest bulletin par for the course?

  • (3:13) From beginning to end, how long does it take from the time the CPU is released to the time that you have all of the patches deployed?

  • (3:42) Oracle has taken a lot of flak in the past from experts who say the company sits on flaws for too long and often doesn't properly fix something as advertised. Is that a fair assessment or is Oracle getting unfair criticism?

  Program links:

  • Oracle bulletins will rank patches, offer more detail: Oracle has been criticized in the past for releasing complex security bulletins that are hard to decipher. The streamlined bulletins will be easier to digest, the company says.

  • Oracle DBAs mixed on security progress: Some DBAs praise Oracle for its revamped patch bulletins, but others say the database giant's patching process still leaves much to be desired.

  • Security Wire Weekly: Oracle's Darius Wiles: Oracle's Darius Wiles discusses the database giant's vulnerability patching process and the criticisms levied against it.

  • Oracle fixes 101 flaws: Attackers could exploit 45 of the 101 flaws remotely without a username or password. Meanwhile, the new CPU offers more detail on the number of flaws patched and their severity.

  • Oracle owns up to patching problems: Database giant Oracle Corp. has faced mounting criticism of its security patching process during the last two years.

  • Information Security podcasts: Visit SearchSecurity's podcast archive.