Slavik fragt sich: Oracle CPUs – Do We Care?

[…] do we care about Oracle CPUs at all? Oracle was getting a lot of heat from security researchers for not providing security patches or providing them with irregular intervals. Finally, Oracle is stepping up to the plate with the patches. They provide them on regular basis, they announce the the patch before issuing it so organizations can prepare for them. They are improving coding techniques and code vulnerability scanning tools. And after all that, customers are still not protected. The reason for this is that the database is an extremely complicated piece of software and is the life-line of the organization. An enterprise will need to test the CPU thoroughly before deploying and testing takes a lot of time (months). This is further complicated by the fact that many organizations have applications running on top of Oracle databases, and those applications are not “forward compatible” and certified by their vendors to run on future Oracle versions.

Er kommt zur Schlussfolgerung, dass wir jetzt schlechter dran sind als früher, weil die Megacorps ihre Datenbanken sowieso nicht patchen, die Hacker jetzt aber mehr Info über Bugs haben.