« IPS is dead, long live IPS! | Main | WatchGuard sold for just 151m »

July 22, 2006

65 in 1

I missed this one a few days ago, but thought it ludicrous enough to mention anyway.  Oracle just released their quarterly update patch.  Looks like a lucky thing they did, seems it takes care of 65 discovered vulnerabilities, some 23 or so critical.  I wonder what Martin McKeay and my friends on the Security Roundtable would say about this.  Funny, I don't see anybody jumping up and down like they do when Microsoft puts out a patch.  Take 3 months worth of Patch Tuesdays, and you have just about the same amount of patches here.  Anybody want to tell me that Microsoft's record on these are worse than the rest of the industry?  Here is another thing I don't understand, with all of the critical data kept in Oracle databases, why aren't their customers demanding better written software and more frequent updates. Quarterly updates is just not responsible or reasonable in today's atmosphere.  This type of response I think screams for more public disclosure by people finding these holes.

TrackBack

TrackBack URL for this entry:
http://www.typepad.com/services/trackback/6a00d83451e4d369e200d83429a5d453ef

Listed below are links to weblogs that reference 65 in 1:

» Retrospect: The "Morning After Pill for Patch Tuesday" from Rational Security
I dredged this post up from my prior blog because I think it's interesting and relevant today given the current state of vulnerability management and patching. I wrote this entry almost a year ago on 9/15/05, and I thought I'd [Read More]

Comments

My Photo

Subscribe to my blog

Enter your email address:

Delivered by FeedBurner

Lijit Search

Blog Networks

Creative Commons License
This work is licensed under a Creative Commons Attribution-Share Alike 2.5 License.

Search

Lijit Search

Blog powered by TypePad
Member since 10/2005