Oracle Shifts to Quarterly Patch Cycle | eWeek

Oracle Shifts to Quarterly Patch Cycle

Verfasst von
Brian Fonseca
Brian Fonseca
Nov 18, 2004
2 minute read
eWeek Inhalte und Produktempfehlungen sind redaktionell unabhängig. Wir können Geld verdienen, wenn Sie auf Links zu unseren Partnern klicken. Mehr erfahren

Oracle Corp. plans to announce yet another change to its security patch release process.

Three months after adopting a monthly schedule to roll out security fixes, the database management firm says patches will now be issued on a quarterly schedule, beginning January 18, 2005.

It effectively means that Oracle customers will get four Critical Patch Updates a year—January 18, April 12, July 12, and October 18—instead of the 12 promised earlier this year.

Oracle has been heavily criticized in the past for adopting a lackadaisical approach to addressing critical security flaws.

The issue came to a head at the BlackHat conference in Las Vegas this year when research firm NGSS (Next Generation Security Software Ltd.) released details on more than two dozen security holes in Oracle products that had not been fixed.

At the time, NGSS said Oracle was aware of the vulnerabilities—some of them critical—for several months.

Officials from Redwood City, Calif.-based Oracle have confirmed the first security patch offering will include fixes across Oracles database products. No other information was provided on which Oracle database versions will be targeted, or which other software lines would be addressed by the inaugural Critical Patch Update.

In general, the quarterly security patches will address flaws and vulnerabilities on an as-needed basis for Oracle Database, Oracle Application Server, Oracle E-Business Suite, Oracle Enterprise Manager and Oracle Collaboration Suite at the time of each rollout. Security patches offered in preceding Critical Patch Updates will automatically be part of each following quarterly update for customers who may still be unprotected if they missed any prior security updates.

Critical Patch Updates are scheduled to be issued to customers simultaneously via MetaLink, Oracles online support Web site. If no security patches are needed at the time a quarterly update is scheduled than none will be offered.

/zimages/4/28571.gifClick hereto read about Oracles first-ever monthly rollup of security patches.

Oracle officials said the adoption of a new cycle is an attempt to avoid customer surprise with numerous patch “alerts” and guard against interference with common blackout periods when systems are traditionally not updated.

The company believes that giving customers enough notice to properly prepare for the required patch installations will result in less costs and reduced complexities.

Oracle officials said the company will reserve the right to institute a security patch alert at any time and without warning to customers if vulnerabilities are severe enough to warrant a patch.

Additional reporting by Ryan Naraine.

/zimages/4/28571.gifCheck out eWEEK.coms for the latest database news, reviews and analysis.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Eigentum von TechnologyAdvice. © 2026 TechnologyAdvice. Alle Rechte vorbehalten

Werbetreibenden-Offenlegung: Einige der auf dieser Website erscheinenden Produkte stammen von Unternehmen, von denen TechnologyAdvice eine Vergütung erhält. Diese Vergütung kann beeinflussen, wie und wo Produkte auf dieser Website erscheinen, einschließlich beispielsweise der Reihenfolge, in der sie erscheinen. TechnologyAdvice schließt nicht alle Unternehmen oder alle auf dem Marktplatz verfügbaren Produkttypen ein.