Wow 113 Patches
Just proves how poor their software really is. Oh wait you said quarterly, and across the product range then, so not that many then. How many did Microsoft release in the last 3 months for all their products?
Oracle has emitted its quarterly Critical Patch Update, this time offering a mere 113 patches sysadmins and security folks should get busy implementing. This time around there's 29 fixes for Oracle Fusion Middleware, 20 for Java SE, ten in MySQL Server, seven in Hyperion products and five apiece for Oracle database and E- …
Yeah, part of the issue is the number of products currently under support due to a history of mergers/takeovers. The site lists 12 product groups, some of which cover multiple products (e.g. Fusion middleware has Glassfish, iPlanet, Weblogic and others).
As for the 3 monthly cycle, that also means that there's potentially a larger window for zero day vulnerabilities, but it does make planning patching cycles (particularly for e.g. PCI-DSS) significantly simpler.
Of course, Java is still a buggy pile of poo and has the majority of the vulnerabilities, mostly for client side Java.
"Oh wait you said quarterly, and across the product range then, so not that many then. How many did Microsoft release in the last 3 months for all their products?"
I could be wrong, but a quick check on Technet shows MS issued 9 patches in May, 7 in June and 6 in July so that is 22 in the last three months. The numbering system implies MS has issued 42 in the seven months of this year.
But this overlooks two main issues:
1) Issuing lots of patches doesn't necessarily mean your software is dodgy (it could mean you are just much better at finding and patching holes than anyone else).
2) Using MS as the example really is setting the bar low.
Enough said. To be fair, they dropped that campaign in 2005 or so, but I always remember how they could be so presumptuous and at the same time fool their customers so well. Note that "customers" refers to whoever makes the purchase decision, who is not usually the same person that has to suffer its consequences (DBAs, developers, sysadmins).
To be clear, their core database is a damn good fine, if equally expensive, product. The rest is most... well, if you have used them, you know better.
Are you sure they dropped unbreakable?
"To be clear, their core database is a damn good fine, if equally expensive, product. The rest is most... well, if you have used them, you know better."
I disagree. Databases are like operating systems. They all suck. Just in different ways and amounts.
Whichever RDBMS you pick, it is a case of you win some you lose some.