Early patch alerts for Oracle users

Oracle has started to give customers pre-release information about upcoming patches

Oracle has started to pre-release patch update information for its software. Earlier this month, customers received advance warning about 52 new critical updates, which the database giant formally issued last Tuesday.

The patch update offered early details on the number of security fixes affecting certain systems, and the problems they could cause. The Oracle move follows a similar decision by Microsoft to offer customers notification of affected systems prior to releasing its monthly Patch Tuesday bundles.

Paul Davie, chief executive at Oxford-based database and application assurance vendor Secerno, said the move is a step in the right direction. “But it’s not the vendor vulnerabilities they need to focus on, but the critical weaknesses in their development processes,” he warned.

Secerno warned that badly written web applications for database access were a key cause for concern, especially because of SQL injection attacks, which can be used to gain complete control of SQL databases.