Network Computing is part of the Informa Tech Division of Informa PLC


Gartner Bashes Oracle Over Security

Oracle security practices are raising red flags, a Gartner analyst recently warned, and administrators should hunker down in protecting their database systems.

Just five days after Oracle released a critical security update that patched 82 vulnerabilities, a Gartner researcher said in an online advisory that "Oracle can no longer be considered a bastion of security."

"The range and seriousness of the vulnerabilities patched in this update cause us great concern," wrote Rich Mogull. "The database products alone include 37 vulnerabilities, many rated as easily exploitable and some potentially allowing remote database access. Oracle has not yet experienced a mass security exploit, but this does not mean that one will never occur."

Mogull noted that Oracle administrators had avoided patching by relying on the database's strong security and the fact that the software was deployed deep within an enterprise's defenses. That no-patching procedure won't cut it now.

"Critical Oracle vulnerabilities are being discovered and disclosed at an increasing rate, and exploit tools and proof-of-concept code are appearing more regularly on the Internet," said Mogull. He also blasted Oracle for providing too little information about vulnerabilities, rolling out low-quality patches, and neglecting to offer workarounds.
