CPU July 2007 is out
"The napply CPU is an enhanced CPU format for Oracle Database Server for Unix and Linux platforms version 10.2.0.3 and onward (including 10.2.0.4 and 11g). In a napply CPU, the security fixes are now grouped in what are called molecules. Each molecule in the CPU is independent, and does not conflict with other molecules in the CPU. Conflicts between molecules occur when fixes included respectively in each molecule affect the same file or group of files."
and goes on to discuss
"By using the OPatch parameter '-skip_duplicate', customers will have the ability to skip the application of those molecules that have been previously installed (for example by a previous CPU) thus reducing the changes introduced to the patched system. In other words, while the CPU remains cumulative, the CPU will install incrementally those new groups of fixes."
I can see that this will help some sites install patches with less anxiety, but I doubt that this will impel many sites to patch earlier and faster. The same fixes, cumulatively, are still installed and still need to be installed. The biggest issue I discuss with people is the testing: the fact that often a full regression test is required, and the worry that something in a fix breaks the way their applications work.
The best advice I offer is to ensure that you only install the software that is needed and remove as many features (schemas) and as much functionality (Java?) as you don't need; in other words, reduce the attack surface as much as possible to the functionality actually needed to support an application. Also, don't install Enterprise Edition if you can run with Standard or Standard One. I often see sites completely over-specified in terms of database version/type and features installed.
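A starting point for that inventory, as an added example that is not part of the original post: the queries below list what is installed in a database so it can be compared with what the application actually needs. They assume a session with SELECT access to the DBA_* and V$ views, and they report only; what to remove is a decision for each site.

```sql
-- Edition and version actually installed (Enterprise vs Standard shows in the banner).
SELECT banner FROM v$version;

-- Installed components, the schema that owns each one, whether that
-- account is open, and how many objects it holds.
SELECT r.comp_id,
       r.comp_name,
       r.version,
       r.status,
       r.schema,
       u.account_status,
       (SELECT COUNT(*) FROM dba_objects o WHERE o.owner = r.schema) AS object_count
FROM   dba_registry r
       LEFT JOIN dba_users u ON u.username = r.schema
ORDER  BY r.comp_id;

-- Options compiled into this installation.
SELECT parameter
FROM   v$option
WHERE  value = 'TRUE'
ORDER  BY parameter;

-- Features the database has recorded as used; installed components that
-- never appear here are candidates for review.
SELECT name, version, detected_usages, currently_used, last_usage_date
FROM   dba_feature_usage_statistics
WHERE  detected_usages > 0
ORDER  BY name;

-- Java stored in the database, per owner: is any of it application code?
SELECT owner, object_type, COUNT(*) AS object_count
FROM   dba_objects
WHERE  object_type LIKE 'JAVA%'
GROUP  BY owner, object_type
ORDER  BY owner, object_type;
```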
There are 19 fixes for the database, interestingly one fix for Audit Vault (which is an Apex bug), 4 fixes for the application server, 2 fixes in JDeveloper, 1 Collaboration Suite fix, 14 E-Business Suite fixes and 7 PeopleSoft fixes.
So, the observations last CPU that things were getting better could be wrong. This time we went to 45 fixes from 36, and 19 in the database as opposed to 14. Let's leave judgement till next time; this could be a blip in a downward trend, or maybe it's on its way up again, or maybe we have reached a plateau of around 35 to 45 fixes a patch?