Oracle is so well known for its security that it may have become complacent. "This is a wake-up call to Oracle to take security more seriously," said Noel Yuhanna, senior analyst with Forrester Research.
Think you have to compromise on security to save on costs? Think Again. Trend Micro™ Enterprise Security, powered by the Trend Micro Smart Protection Network™, can lower your content security management costs by up to 40%. Find out just how much you’ll save with our TCO Impact Calculator.
Oracle (Nasdaq: ORCL) customers may be experiencing security déjà vu.
On August 31 the company warned of database security holes and released a patch. This morning it told customers that those same holes need immediate attention and strongly advised them to install the patch.
The more urgent warning was issued after Oracle discovered that hackers have been active in exploiting the database holes.
Why didn't the message get through the first time?
Many customers either didn't receive the August communication or failed to act on it because they didn't know if their specific products were affected.
To avoid inviting more attacks, Oracle has provided few details about the holes or which software is affected. Patching is time-intensive, and many companies chose not to install patches they weren't sure they needed.
Database 8i, 9i and 10g, Application Server and Enterprise Manager are thought to be susceptible, but that list is not exhaustive.
"I think there's a communication problem at Oracle," said Noel Yuhanna, senior analyst with Forrester Research. "They haven't clearly specified what needs to be done [and] what databases are affected, [nor have they revealed] the seriousness of this."
Yuhanna told CRM Buyer that he has received concerned calls from clients who use Oracle products, inquiring as to whether their desktop software, supported by Oracle databases, will be affected by the security flaws.
"Some of these clients have thousands of databases, and this isn't something that can be fixed in one month's time even," he said.
In order to avoid the problems that left Microsoft's (Nasdaq: MSFT) SQL stuck in security incident response mode only two years ago, "Oracle needs to push this information down through top management that these are really important flaws to correct," he said.
"Oracle has never dealt with this kind of situation in which it has had a flaw in security that covers a wide range of its software," he continued. "Customers obviously are complaining."
Yuhanna said that Oracle has been lucky. It has become well known for the security features inherent in its products, so much so that with the recent release of Database 10g, "it was more focused on making a world-class software with all of the bells and whistles." Attention to security was neglected.
"This is a wake-up call to Oracle to take security more seriously," he said. "Oracle will come back," he predicted, but not until it learns that "all software products are vulnerable to security flaws."
Print Version
E-Mail Article
Reprints
More by Kelly Shermach
Next Article in Security
|
Microsoft, Cisco To Share Network Security Technologies October 18, 2004 
The goal is a "single, coordinated solution" that enables network administrators to control both Windows installations and Cisco network architecture, the two tech giants said. The companies will also strive to draft and have implemented industry standards for network admissions and access control.
|
Related Stories
|
DeepNines President Dan Jackson on Network Security October 18, 2004 
"We've had a focus on education because we felt if we could demonstrate to the marketplace that we could sit in the wildest of environments, it would demonstrate true security functionality," said DeepNines President Dan Jackson. "At universities you would not believe the spike in traffic and the spike in malicious traffic when school comes back in service."
|
Oracle Needs PeopleSoft To Survive October 01, 2004 
Getting beyond the petty rivalries surrounding this acquisition is critical to seeing the truth: Oracle needs PeopleSoft to survive. Oracle has been struggling to capture customers for its enterprise applications while at the same time selling applications innovative enough to deliver financial returns. That truth has just come to light in this latest quarter.
|
Judge Rules Oracle Can Pursue PeopleSoft Takeover September 10, 2004 
The ruling yesterday came more than 15 months after Oracle made its initial surprise offer for PeopleSoft. The past year has been marked by numerous legal maneuvers and verbal grenades tossed between the two camps, particularly between Oracle CEO Larry Ellison and his counterpart, Craig Conway, a former high-ranking Oracle executive.
|
Windows XP Service Pack 2 Under Heavy Security Scrutiny August 20, 2004 
Michael Sutton, director of iDefense Labs, told TechNewsWorld the early SP2 security issues are not major ones. However, the vulnerability expert did indicate that SP2 will undergo a tremendous amount of scrutiny because it is a Microsoft product and because it focuses on security, challenging both attackers and experts in a sense.
|
Oracle Releases New Version of Sales-Side CRM Software August 16, 2004 
"Selling is complex, and companies need to provide the entire network of organizations involved in the selling process -- the marketing organization, the sales force, partners -- with the right tools and information to make them successful," said John Wookey, senior vice president of applications development for Oracle.
|
Related News Alerts
More by Kelly Shermach
|
Does SaaS Meet the Customization Challenge? April 17, 2007 
SaaS market leaders have improved their customization options to meet most enterprise needs, says Michael Greenberg , vice president of marketing at Loyalty Lab. "Salesforce.com leads the way with their Apex platform providing a dizzying array of options to incorporate SaaS into any enterprise environment."
|
Getting Physical With Online Shopping April 14, 2007 
"Because each customer has a different buying style, unique selection criteria, personal motivations and shopping approach, retailers must deliver a more dynamic experience to better accommodate customer preferences," notes Errol Denger, senior strategist for WebSphere commerce at IBM.
|
Accenture Partner Garret Wu: Health Info Prototype Is One Small Step April 11, 2007 
"Accenture's prototype introduces both common language and data standards, and integrates information across the entire healthcare system. It enables a single view of a patient's medical information. This helps provide better patient care, more consistent care and supports the secondary use of data," said Garret Wu, a partner at Accenture Health & Life Sciences.
|
Get Business and Technology News Alerts
Most Popular | Spotlight Features | Exclusives
This Week on ECT News Network | Podcasts
Online Retail Transaction Performance Indices
Inside E-Commerce Times
|
Reader Services
|
Corporate
|
Headline Feeds
Talkback: 
