Welcome to the SecAware blog

I spy with my beady eye ...

22 Aug 2005

Oracle patching process unreliable

Users of Oracle systems are advised to double-check that the patches they think they have applied have in fact been successfully applied. Inconsistencies in the internal inventory of Oracle programs maintained by an Oracle installation, for example, may result in relevant patches being missed. [The article is based on a somewhat self-serving press release by an Oracle specialist, but has a ring of truth. A similar situation applies to Microsoft: Microsoft Update does not always apply all relevant MS patches, so it is worth running something like Microsoft Baseline Security Analyzer every so often to double-check the installation. Regression testing and penetration testing can also be useful if sufficient resources are available to 'keep the lights on'.]
More change management resources

No comments:

Post a Comment