Oracle users also need to work more closely with Oracle. Its better for Oracle users to work the companys security experts to solve these problems "rather than stand up at a conference to announce to the world" about the discovery of new security loophole." said Niemiec, who is also former president of the International Oracle Users Group. It doesnt help to publicly disclose these loopholes before Oracle has a chance to develop and release a fix. "If you really want to help, you are going to take it to [Oracle] first," he said."The patches are important, but doesnt mean the database isnt secure," said Craig Read, IT director at M-Trilogix Inc., an enterprise software provider based in Toronto. Oracle has "a secure product [and] a good team working on security issues," said Read, who is also president of the Toronto Oracle Users Group. However, he believes that Oracle could be more proactive about getting information out on a more timely basis. For example, Read said Microsoft Corp. has done a better job of alerting customers about vulnerabilities in Windows and about the patches to fix them. "Oracle is very much reactive now," Read said. But this major patch release "is the first step in the right direction" that gives Oracle a chance to be more proactive at tracking security vulnerabilities and fixing them on a regular basis. He also suggested that this is a good time for Oracle to tone down the marketing rhetoric that its database is the most secure and the best in the world. "People are tired of that," Read said. It would be better if Oracle just continues to acknowledge security problems when it finds them and promptly issues a patch. "People would appreciate that more than just saying, We are unbreakable, " Read said. Check out eWEEK.coms Enterprise Applications Center at http://enterpriseapps.eweek.com for the latest news, reviews and analysis about productivity and business solutions.
Another database administrator said he didnt believe there was a major concern that Oracle databases were highly insecure before the patches were released this week.