Oracle Security Patch Causes Insecurity
,----[ Quote ]
| To patch or not to patch - that is the question for many software
| customers. And it's particularly tricky one to answer when the
| software company won't say what the patch is for, as one readerd
| iscovered with a recent Critical Patch Update released by Oracle for
| PeopleSoft.
|
| [...]
|
| Ultimately, though, his requests fell on deaf ears. "The bottom line
| is simply that, despite the fact we're paying thousands of dollars per
| year for 'support' from them, Oracle will not disclose the information
| we require. I know from my phone conversations with the support manager
| that mine is not the only company pressing for specific information
| about the patch. I can only imagine the IT staff of those organizations
| are pulling their collective hair out. Our decision, given that we
| cannot justify the interruption to MIS activities and a certain amount
| of inevitable system downtime in the face of no information from which
| to base a decision, is to not install the latest patch."
`----
http://weblog.infoworld.com/gripeline/archives/2006/11/oracle_security.html
|
|