Poll: Oracle admins have a poor update install record
Eleven per cent of Oracle database administrators have never installed any Oracle Critical Patch Updates (CPU), updates which include important security fixes. The discovery is the result of a survey conducted by the Independent Oracle User Group (IOUG) over 150 companies. According to the survey, at least 30 per cent install outstanding patches before the next patch is released. Approximately 25 per cent indicated that they were a CPU (usually released every 3 months) behind. Ten per cent had let two CPUs pass by, eight per cent had already missed at least three CPUs, eight per cent had missed four cycles and eight per cent did not know or weren't sure.
One reason for the problem seems to be the lack of company guidelines for handling Oracle database updates. Roughly one third of respondents did not have policies regarding CPUs from Oracle. IT guidelines are usually only provided for the installation of Microsoft updates. Often only a few critical systems are set up for quick installation of updates. Some admins don't update due to fear of possible problems caused by applying the updates.
According to the IOUG, some administrators see little reason to change their patching habits. Sixteen per cent indicated they would think about it after a malware attack on an Oracle database they manage. According to the study, the group which has never bothered installing patches saw no reason to change.
As early as the beginning of 2008, Sentrigo, a database security provider, found that two thirds of of the surveyed database administrators, developers and consultants had never installed a CPU. Only ten per cent indicated they had installed the latest Oracle patches.
- Security updates from Oracle fall on stony ground, a report from The H.