Auditing an Oracle database for security issues is very important. provides all of the information and tools that you will need Click here for details of Limited's detailed Oracle database security audit service Click here for details of Limited's Oracle Security Training Courses
There are 57 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.

Pete Finnigan's Oracle security weblog

Home » Archives » November 2004 » Two more "takes" on the Gartner / Oracle exploit information release reluctance

[Previous entry: "Oracle Users Should Take Security Patch 68 Seriously"] [Next entry: "Oracle announce critical patch update schedule - beginning January 18 2005"]

Two more "takes" on the Gartner / Oracle exploit information release reluctance

November 17th, 2004 by Pete

I just found two more news stories about the Gartner report that I wrote about earlier. The first is on TechWeb - It doesn't have an author indicated. It goes into detail about the main thrust of the Gartner analysts report that Oracle have been taken to task for not telling its customers which versions and which products are most vulnerable and also that DBA's and administrators do not have enough information to decide what to patch and which databases are most vulnerable.

I can concur this sentiment as I have had a number of companies ask me how to decide whether their Oracle 7 and 8.0 databases are vulnerable or not and what can be done about it as upgrading is often not realistic. One key message being given on TechWeb and in the original Gartner report is that customers should put pressure on Oracle for more information.

The second article also about the Garnter analysts report is on vnunet. This report covers similar ground and advises that customers review the Alert 68 FAQ regularly, apply the patches, upgrade if possible and set up deep packet inspection if possible or even intrusion detection systems.

Both papers emphasise the issues raised by the Gartner analysts.

November 2004

This is the weblog for Pete Finnigan. Pete works in the area of Oracle security and he specialises in auditing Oracle databases for security issues. This weblog is aimed squarely at those interested in the security of their Oracle databases.

Weblog Home
Weblog Archives

Oracle Security Tools page
Oracle security papers
Oracle Security alerts

Web Development
SQL Server Security

Atom 0.3 FEED
Powered by gm-rss 2.0.0

Valid XHTML 1.0!