Oracle Borrows Security Notice Method from Microsoft | eWeek

Oracle Borrows Security Notice Method from Microsoft

Écrit par
Ryan Naraine
Ryan Naraine
Jan 11, 2007
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Borrowing a page directly from Microsofts playbook, Oracle has implemented an advance notice mechanism for its quarterly release of security patches.

Beginning with the first CPU (Critical Patch Update) for 2007, due on Jan. 16, the database server giant is implementing a CPU Pre-Release Announcement that includes the name of version numbers of Oracle products affected by patches, a total count of vulnerabilities being fixed and a severity score for the most serious product flaws.

Microsoft started offering advance notice on its monthly security bulletins in late 2003, but when word leaked out it was only available for premium customers, the company expanded the mechanism to provide the pre-patch overview to everyone.

Now, Oracle is following suit as part of a larger attempt to improve its highly criticized security response and patch release process. It is also going a step further by providing more details than Microsoft, including the specific product components affected, the actual vulnerability count and “any other information that may be relevant to help organizations plan for the application of the CPU in their environment.”

According to Duncan Harris, senior director of security assurance at Oracle, the new mechanism is aimed at helping customers plan for patch testing and deployment when the updates are eventually shipped.

“While Oracle will try to make CPU Pre-Release Announcements as accurate as possible at the time of their publication, the information they contain may change before the actual publication of the CPU,” Harris said in a blog entry.

/zimages/1/28571.gifClick herefor more on how Oracle is trying to improve its security alerts.

“It is our hope that these Pre-Release Announcements will become valuable tools to help security professionals analyze the criticality of the forthcoming CPUs and brief their management to obtain any necessary approvals for a timely application of the CPUs,” he added.

On Jan. 16, Oracle will ship a mega CPU with fixes for 52 vulnerabilities affecting a wide range of database and application server products. The highest CVSS (Common Vulnerablity Scoring System) base score of vulnerabilities across all products is 7.0.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Ryan Naraines eWEEK Security Watch blog.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.