Oracle promises more information about security updates
Oracle, a producer of databases and corporate solutions, has announced that it will provide better information for the Critical Patch Updates (CPU) that it releases every three months. The next Oracle patch release day is set for October 17.
The clearer summaries should help administrators to be better and more precisely informed about the holes, specifically which holes could potentially be exploited over the net without authentication. Going forward, the holes will also be rated based on the Common Vulnerability Scoring System (CVSS), a rating system for security holes. This will allow administrators or other security officers to form better assessments about how quickly a patch should be applied. An "Executive Summary" will now also be provided.
Up to this point Oracle has tallied some of this information in a "Risk Matrix" accompanying the CPU descriptions. Administrators complained about their lack of clarity, in particular in January 2006 when more than one hundred holes were being plugged at once. On the basis of this customer feedback, a decision was made to change the presentation of the information, writes Eric Maurice, security manager for Oracle's Global Technology Business Unit. He expresses hope that users will be able to better evaluate problems, which in turn will aid speedier decision making in corporate situations.
- Changes Introduced With October 17th Critical Patch Update, Announcement from Eric Maurice