Oracle Moves To Quarterly Security-Patch Cycle
Oracle's new quarterly security-patch schedule departs from its monthly schedule, which Microsoft also uses.
November 18, 2004
Software maker Oracle will soon start issuing security patches quarterly. This new patch schedule comes only months after the company said it would issue such security updates every month.
The company says patches will be published simultaneously to all customers through its Web support site MetaLink each quarter beginning on Jan.18. The remaining patch days for 2005 will be April 12, July 12, and Oct. 18.
Oracle says the new schedule will allow its customers to plan to patch, rather than react to "surprise" patch alerts. Oracle also says the new schedule will help companies avoid so-called patch "blackout" days such as at the end of a financial quarter--a time when many companies won't update systems because they're closing their books.
The company also says the new program will "help lower the cost of applying patches by delivering a single, well-integrated and well-tested patch that fixes multiple, high-priority vulnerabilities."
This summer the company had promised to move to a monthly patch cycle. And it delivered the first bevy of patches on that new schedule at the end of August. At that time, Oracle patched security flaws in various applications, including its Application Server, Database Server, and Enterprise Manager. Microsoft began issuing monthly patches in October 2003, and software makers Computer Associates and SAP have been on regular schedules even longer.
You May Also Like