I agree with you, vendors (I am one myself) should within a reasonable amount of time apply updates and patches and test them to make sure they are ok. But you want to remain supported and its fair on the vendors to say you will run at the recommended level or cannot guarantee it will work properly Just push hard on the vendors and say you are repsonsible if my data gets hacked into. Might push them into gear then On 10/19/05, BP <brian.peasey@xxxxxxxxx> wrote: > > [Oracle 10g Enterprise on AIX 5L] > > Hi Everyone, > > > > To date I've informed my PM's that their is a critical patch for the > db's and that since July the vulnerabilities are now public knowledge. > Not sure if there's anything else I can or should do. Oh ya...I'm > documenting this to cma. > > Any words of wisdom are greatly appreciated. >