Oracle plans to stop automatically producing security patches for all systems its software runs on, instead creating fixes for uncommon combinations on request, the company said Tuesday.
The various versions of Oracle's database software and business applications run on a wide variety of operating systems. The Redwood City, Calif.-based company has been releasing security fixes for the bulk of those. That's changing with its next scheduled patch release in July because some fixes were seldom downloaded, it said.
"There are certain platform and version combinations that historically have been inactive," Eric Maurice, a manager for security at Oracle, wrote on a corporate blog. "Instead of systematically creating (updates) for those inactive combinations, we will only produce those patches if clients specifically request them."
Oracle will continue to include the fixes in the main code and future releases of the applicable software programs, as well as in "patch sets," which are product updates that include more than just security fixes.
Oracle announced the change in its patch plans at the same time it put out its April fixes. The "Critical Patch Update" offers fixes for 36 vulnerabilities across Oracle's products, including 14 in the company's widely used database software. Several of the vulnerabilities could be exploited remotely by an anonymous attacker, Oracle said.
"Due to the threat posed by a successful attack, Oracle strongly recommends that fixes are applied as soon as possible," Oracle said in a security advisory.
However, some Oracle customers using the Windows operating system will have to wait until April 30 for the database fixes. Oracle doesn't yet have an update for release 9.2.0.8 of its database software running on Windows because of quality issues, a company representative said.
Oracle's next Critical Patch Update is on July 17.
Patent-holding company claimed a host of Web giants owed it hundreds of millions in royalties for their use of online video streaming, search suggestions, and other "interactive" elements on pages.
After large numbers of longtime 'Burners' failed to get tickets during the event's recent selection process, many claimed organizers had failed to adopt a sensible system. Now, those organizers are trying to calm community anger.
Creating a tiny version of a coaxial cable, researchers at the University of California at San Diego create smallest laser to date, an advance that could lead to optical computer chips or high-resolution displays.
SolarReserve hits a milestone on a 110-megawatt solar power plant that will have between 10 and 15 hours of energy storage in tanks of molten salt for supplying Nevada.
When a critical flaw is found... patch it within 24 hours.
When a non-critical flaw is found... patch it within 72 hours.
It's "Responsibility"... NOT "Selectivity" that is needed!!!
Walt