WOBURN, Mass. -- Sentrigo, Inc., an innovator in database security software, today announced survey results indicating that most Oracle database administrators do not apply the Critical Patch Updates (CPUs) that Oracle issues on a quarterly basis. Oracle designed its CPU program to help customers protect databases and other products against recently discovered security vulnerabilities. However, security patching is largely neglected, which leaves databases open to exploits. Although there are genuine hurdles to CPU installation, including downtime and concerns about compatibility with applications, the results indicate that many enterprises have not internalized the high risk presented by not securing their databases with the latest patches.
Sentrigo has been conducting the rolling survey at Oracle Users Group (OUG) meetings across the country, beginning in August 2007 at the Capital Area OUG in Reston, Va., and continuing in cities such as Chicago, Portland, Salt Lake City, Charlottesville and Cincinnati. The company has collected responses from 305 professionals, mostly database administrators, along with consultants and developers.
Results highlight that most organizations are not taking advantage of Oracle CPUs in a timely manner, if at all. Findings include:
- When asked "Have you installed the latest Oracle CPU?", just 31 people, or ten percent of the 305 respondents, reported that they had applied the most recently issued Oracle CPU.
- When asked "Have you ever installed an Oracle CPU?", 206 out of 305 OUG attendees surveyed, or 67.5 percent of the respondents, said they had never applied any Oracle CPU.
"This survey scares the heck out of me," said Mike Rothman, president and principal analyst, Security Incite. "The database is where most of an organization's critical and regulated data resides and if it's not patched in a timely fashion, organizations are asking for trouble."