Thursday, April 22, 2021

Researchers Say Oracle Leaves Databases Needlessly Vulnerable

Dark Reading: Recently, security researchers have been complaining that Oracle has been too slow to patch its database software, leaving customers vulnerable to attacks. “I would say easy fixes get done pretty quickly, within three to six months, but things that are harder and need some changes in architecture or have an impact on customers where customers have to make some changes to their products, to their software that uses the databases, those things don’t get done in the CPU,” says Application Security’s Alex Rothacker. “We have a vulnerability disclosed where basically we can brute force any user’s password and we reported this two years ago and they haven’t fixed it yet.”

Oracle has been putting out fewer critical security patches lately, but researchers say that isn’t because the software has fewer vulnerabilities. “They respond immediately and say ‘Thank you very much for the information’ and so on, but it sometimes takes more than a year to actually release a patch,” says McAfee’s Slavik Markovich. “I get the feeling that they don’t invest enough or have enough people working on this so it takes a long time to patch.”
