Database security

Database security Thank heavens for a Slammer-free year. There were plenty of warnings of exploits or vulnerabilities, though, both on Oracle databases and IBM DB2. Plenty of people got fed up with Oracles silence on flaws, as well. Oracle sort-of almost announced midyear that it would be releasing monthly patch rollups, a la Microsoft. Users had mixed reactions, some saying that they only had time for biyearly patching, others saying they wanted patches as soon as they were available. After just one monthly patch rollup dribbled out, users were left scratching their heads. The confusion was allayed recently, however, by Oracle Chief Security Officer Mary Ann Davidson, who announced that, after plenty of back-and-forth with customers, it was decided that a quarterly patch rollup release would be the right schedule to adopt. Users seem pretty OK with that, particularly given the assurance that critical updates would be sent out in the interim between quarterly updates. The crystal ball There was plenty more excitement in 2004, particularly surrounding Microsofts relentless business intelligence rollouts and IBMs announcements around Information Integrator. But my sources tell me that such news is just setting the stage for some very interesting battles that will take place in 2005. Stay tuned for my look ahead at what the new year will bring to database aficionados, where Ill delve into those in more detail. Write to me at lisa_vaas@ziffdavis.com. eWEEK.com Associate Editor Lisa Vaas has written about enterprise applications since 1997. Check out eWEEK.coms for the latest database news, reviews and analysis.