RE: new Patch Set Updates released

  • From: "Allen, Brandon" <Brandon.Allen@xxxxxxxxxxx>
  • To: Martin Bach <development@xxxxxxxxxxxxxxxxx>, ORACLE-L <oracle-l@xxxxxxxxxxxxx>
  • Date: Thu, 14 Jan 2010 11:12:37 -0700

Thanks Martin.  I've had the same position as you on patching for years, 
especially since all our databases are on secured networks, we've never had a 
(known) security breach, and we're running ERP systems where testing requires a 
major coordinated effort.  But, I'm starting to worry that my luck must be 
wearing thin and most malicious attacks are internal, plus I've seen a few 
articles about worms and hacker programs for Oracle in the past few years so I 
figured I should try changing my ways and get a bit more proactive before it's 
too late.  I figure as long as I'm applying security updates (CPUs), I might as 
well take the full plunge and apply the "low risk, high value" bug fixes in the 
PSU too, but I'm just as skeptical as anyone about that "low risk" claim.  So 
far, I haven't heard too many horror stories to scare me away, other than some 
problems getting the one-off overlay patches if required, but my databases 
don't have a lot of one-off patches so I'm hoping I won't have trouble there.  
I'm just waiting for the green light from my developers to take some downtime 
and patch their database, and then I'll post my results - hopefully in a couple 
days.



From: Martin Bach [mailto:development@xxxxxxxxxxxxxxxxx]

For what it's worth I'd never install any Oracle patch regardless . . .


________________________________
Privileged/Confidential Information may be contained in this message or 
attachments hereto. Please advise immediately if you or your employer do not 
consent to Internet email for messages of this kind. Opinions, conclusions and 
other information in this message that do not relate to the official business 
of this company shall be understood as neither given nor endorsed by it.

Other related posts: