
January 24, 2006 4:58 PM PST

Gartner: Oracle no longer a bastion of security

Analyst group Gartner has warned administrators to be "more aggressive" when protecting their Oracle applications because, according to Gartner, they are not getting enough help from the database giant.

Gartner published an advisory on its Web site just days after Oracle's latest quarterly patch cycle, which included a total of 103 fixes with 37 related to flaws in the company's database products. Some of the flaws carry Oracle's most serious rating, which means they're easy to exploit and an attack can have a wide impact.

According to the advisory, which was posted Monday by Gartner analyst Rich Mogull, "the range and seriousness of the vulnerabilities patched in this update cause us great concern...Oracle has not yet experienced a mass security exploit, but this does not mean that one will never occur."

Mogull said that because Oracle has historically been seen as having very strong security and many of Oracle's products are located "deep within the enterprise," administrators often neglect their patching duties.

"Moreover, patching is sometimes impossible, due to ties to legacy versions that Oracle no longer supports. These practices are no longer acceptable," said Mogull, who advises administrators to pay more attention to securing their Oracle applications.

Mogull said administrators should:

• Immediately shield these systems as well as possible, using firewalls, intrusion prevention systems and other technologies.

• Apply available patches as rapidly as possible.

• Use alternative security tools, such as activity-monitoring technologies, to detect unusual activity.

• Pressure Oracle to change its security management practices.

Oracle did not immediately respond to requests for comment.

In response to the Oracle patch release, Symantec raised its ThreatCon global threat index to Level 2, which means an outbreak is expected. It typically does that after a patch release because malicious hackers might use the fixes as a blueprint for attacks.

Munir Kotadia of ZDNet Australia reported from Sydney. CNET News.com's Joris Evers contributed to this report from San Francisco.

Unbreakable?
by SqlserverCode January 24, 2006 5:45 PM PST
Unbreakable?

I don't think so. They are too busy buying up companies instead of keeping up the quality of their flagship product.

http://www.otherthingsnow.blogspot.com/
Tell me something new.
by Hernys January 24, 2006 10:19 PM PST
Oracle has not been a bastion in security for several years. The only thing related to security in this company in the last five years has been their marketing. The number of vulnerabilities, their seriousness, and the total lack of responsibility with which Oracle treated them puts the company at the bottom of the market in this respect. Well below IBM, Microsoft and the Open Source alternatives.
But marketing trumps truth, and Oracle is still the "unbreakable" alternative in the mind of many CIOs.
How times have changed
by January 25, 2006 5:16 AM PST
2 short years ago M$ was the evil empire with the reputation for releasing products full of security holes and lacking a commitment to fix them. Oracle was the rock on which corporate America built their house. Even though there are still vulnerabilities, I applaud MS for taking action to address their problems. Oracle seems to be heading in the opposite direction these days. Oracle could learn a lesson from MS in how to simplify the security patch process. Their current process is far too complex.
Slamming Oracle Again
by BogusName January 25, 2006 7:08 AM PST
This site is getting far too predictable. I think Bill Gates is actually writing these articles.

Yes, the patching process is too complex, but there have been no more successful exploits of Oracle products than there have been of equally obiquitous products. TOO MUCH HYPE.
*typo*
by BogusName January 25, 2006 7:10 AM PST
obiquitous -- > ubiquitous