Dive Brief:
- Oracle announced its patch updates, including 254 security fixes across its product families, according to the company's April 2018 Patch Advisory. The company released a unique Critical Patch Update in January following the disclosure of the Spectre and Meltdown vulnerabilities.
- Customers who failed to apply already available patches for known vulnerabilities are still experiencing attacks, according to the company. Customers who "failed to apply" the available patches became victims of successful exploit campaigns.
- Oracle's Patch Advisory comes a day after its Chief Security Officer Mary Ann Davidson said at the RSA Conference in San Francisco on Wednesday that customers should know what they're getting from providers and "demand better assurance."
Dive Insight:
"Checkbox-based security" is fundamentally no longer working, according to Davidson. It is no longer an adequate approach to cybersecurity, in part because of how fragmented the threats to a system are.
Software and hardware vulnerabilities add to this headache: software can be patched continuously by its provider, whereas hardware demands a deeper investigation.
Hardware's trustworthiness is rooted in the integrity of each physical component it is made of and of the manufacturers who supply them. Once one provider's flaws are exploited, the rest of the system is put at risk.
This was seen in the Meltdown and Spectre vulnerabilities. Because of flaws in computer chips, mostly Intel chips, software companies like Oracle were forced to offer their own remediations as well.
As attacks on the supply chain are expected to continue, monitoring when a vendor announces its patches is crucial to basic cybersecurity hygiene.
Davidson noted that Oracle has not always been so transparent about its updates, leaving some customers feeling that they were not given the tools needed to prevent an attack. Patches were readily available, however; they were just not as well publicized, and she recognized the frustration associated with that.
Oracle has since tried to improve how it notifies customers of a potential risk, but customers should also ask targeted questions about cybersecurity, according to Davidson. Risk assessment should be scoped to the impact on a customer's individual business rather than to the attack as a whole.
This will help better shape security concerns between customer and provider and therefore strengthen defense.