Slashdot Mirror


Oracle Patch Day Becoming Irrelevant

mocirac wak writes "Oracle's scheduled quarterly patch day is becoming more and more irrelevant. Oracle critical patches announced in the April 2006 CPU are still not available for download and the ETA is now set for May 15. The whole idea of a patch day was to let DBAs get prepared for testing and deployment. What's the use of having a patch day when there are no patches to download?" From the article: "... Oracle's explanation that patch testing is not yet done points to serious shortcomings and an absence of a good patch development process. 'For such a big organization with a lot of financial resources, they should be ready to handle this without problems. But they are amateurs on everything security related,' Cerrudo said. 'They spend a lot of time creating these patches. Then, patch day comes around and the patches aren't available. Then, when the patches are finally released, it's normal to find that they are incomplete and fail to address the actual vulnerability,' he added."


  1. Deal. by gregfortune · · Score: 4, Insightful

    Just because they are a large, successful company doesn't mean schedules are solid and sufficient resources are made available. Microsoft is wildly successful, but faces the same problems. World of Warcraft is wildly successful, but faces the same problems. Ultimately, we still have people involved and people make mistakes. People estimate incorrectly. Stuff happens (c).

    If you have an alternative and they are able to serve you better, migrate. If not, suck it up and be thankful the mistakes of your vendor give you a well paying job.

    1. Re:Deal. by squidguy · · Score: 4, Insightful

      The difference is, security bugs in WoW cannot manifestly impact worldwide commerce (outside of Blizzard's books), national security and all the other things Oracle (and MSFT, unfortunately) are involved with.

      Either way, this is bad on Oracle's part.

    2. Re:Deal. by EnronHaliburton2004 · · Score: 4, Insightful

      There is a pretty big difference in scale. You can't compare WoW to Oracle.

      An Oracle Database for a mid-sized website can easily cost hundreds of thousands of dollars. We pay Oracle jockeys a 6-figure salary to maintain the behemoth. It's critical to the business. For that price, I expect top-of-the-line support.

      I wouldn't expect stellar support for WoW -- it costs something like $20/month. I'm surprised you attempt to compare the two.

      The total license fees for Microsoft products for a 100-person office (100 workstations, Exchange, a dozen Windows Servers) are relatively low compared to the cost of the Oracle Database. From Microsoft, I expect good support -- the product needs to behave well, we need access to emergency support, etc.

  2. Unofficial patches by Matt Perry · · Score: 4, Funny
    Unofficial patches available here: Mirror 1. Mirror 2.

    ;-)

    --
    Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
  3. Re:Heaven Forbid! by Bacon Bits · · Score: 4, Insightful
    If you want to charge people $25,000 for your software, you damn well better patch promptly and completely.

    It's Oracle's responsibility. If they can't do it now, they need to invest in their patch development so that they do.

    --
    The road to tyranny has always been paved with claims of necessity.
  4. limited set unavailable? by Fro Ingwe · · Score: 5, Insightful

    I'm an Oracle DBA by trade and was able to patch my test systems running Oracle 9iR2 within days of the scheduled release date.

    The article makes it sound like the target date was missed entirely, and while I know there are delays for some releases, others were made available as planned.

    Why do I get the feeling that most of the complaining here is by people who don't actually use the product?