Oracle Ranks Bugs, Underlines Most Dangerous

The new information is designed to help IT managers prioritize patching.

Oracle Corp. has announced it will begin to rank vulnerabilities in its products starting with an Oct. 17 security update to help enterprise administrators prioritize patching.

The move, said Eric Maurice, Oracle's manager for security, in a blog entry, is one of three steps the database developer will take next week as it unveils its newest quarterly Critical Patch Update (CPU). Also to debut, Maurice said, are an executive summary of the CPU vulnerabilities and call-outs for any flaw that can be remotely exploited by an unauthenticated user. Those flaws are considered the most dangerous by security researchers.

"Oracle introduced these changes as the result of feedback we received from many of our customers," Maurice said. "We hope that these changes will help our customers assess the criticality of the vulnerabilities resolved with each CPU and help them obtain patching decisions from their senior management more quickly."

Unlike Apple and Microsoft, Oracle has resisted rating the vulnerabilities it discloses when it rolls out patches. But in the past the company has been hammered by critics more for its slow pace in patching than for a lack of rankings.

Oracle is also known for its massive CPUs, which at times have detailed dozens of vulnerabilities. In April, for example, the first-quarter CPU patched 36 flaws, while July's second-quarter batch contained 65 bug fixes.

The third-quarter CPU will be posted to this page of the Oracle Web site next Tuesday.