Dive Brief:
- Oracle's October critical patch update covers 253 different vulnerabilities across its products — the company's second-largest patch update ever, eWEEK reports.
- The large update may be more of a sign of Oracle's commitment to security than it is about any vulnerabilities in its software, security experts say.
- Oracle's largest patch update was in July, which addressed 276 vulnerabilities.
Dive Insight:
It's hard not to pay attention to that number of patched vulnerabilities, which is ... well, big. But it also covers multiple Oracle products and may reflect Oracle's aggressiveness at attacking potential issues.
John Matthew Holt, the chief technology officer of Waratek, told eWEEK that Oracle makes larger investments in the security of Java than some of its competitors do in their programming languages — and that as a result, Java is actually more secure, not less, than many of them.
But patches don't work if they're not applied. No matter how many patches a company rolls out, if customers don't apply them, security vulnerabilities will persist. Those gaps, and inattention to potential flaws, can threaten a company's entire security posture.