As Oracle prepares to dump a passel of 81 security fixes on its user base -- including seven critical patch updates (CPUs) for its database product -- many database administrators are preparing to patch their Oracle database platforms accordingly.
But if recent numbers from the Independent Oracle Users Group annual security survey are an accurate barometer, there are still plenty of others who will sit on the CPUs due out next week for a year or longer. Security experts believe organizations first need to improve these numbers by instituting patching best practices for databases.

"I find it funny that there are patches everywhere else that are applied on a regular basis to machines like desktops and so on, but it is still not a general practice for the databases," says Michelle Malcher, director of education for IOUG and a DBA and team lead at a Chicago-based financial firm.

According to a recent IOUG survey of its members, only 37 percent of organizations patch their systems within the same three-month cycle in which CPUs are released. Approximately 28 percent either take a year or more to patch, have never applied a CPU, or don't know how long it takes them to patch their databases.

The link for this article located at Dark Reading is no longer available.