The company says patches will be published simultaneously to all customers through its Web support site MetaLink each quarter beginning on Jan.18. The remaining patch days for 2005 will be April 12, July 12, and Oct. 18.
Oracle says the new schedule will allow its customers to plan to patch, rather than react to "surprise" patch alerts. Oracle also says the new schedule will help companies avoid so-called patch "blackout" days such as at the end of a financial quarter--a time when many companies won't update systems because they're closing their books.
The company also says the new program will "help lower the cost of applying patches by delivering a single, well-integrated and well-tested patch that fixes multiple, high-priority vulnerabilities."
This summer the company had promised to move to a monthly patch cycle. And it delivered the first bevy of patches on that new schedule at the end of August. At that time, Oracle patched security flaws in various applications, including its Application Server, Database Server, and Enterprise Manager. Microsoft began issuing monthly patches in October 2003, and software makers Computer Associates and SAP have been on regular schedules even longer.
