Tuesday, May 18, 2021

Researchers Say Oracle Leaves Databases Needlessly Vulnerable

Dark Reading: Recently, security researchers have been complaining that Oracle has been too slow to patch its database software, leaving customers vulnerable to attacks. “I would say easy fixes get done pretty quickly, within three to six months, but things that are harder and need some changes in architecture or have an impact on customers where customers have to make some changes to their products, to their software that uses the databases, those things don’t get done in the CPU,” says Application Security’s Alex Rothacker. “We have a vulnerability disclosed where basically we can brute force any user’s password and we reported this two years ago and they haven’t fixed it yet.”

Oracle has been putting out fewer critical security patches lately, but researchers say that isn’t because the software has fewer vulnerabilities. “They respond immediately and say ‘Thank you very much for the information’ and so on, but it sometimes takes more than a year to actually release a patch,” says McAfee’s Slavik Markovich. “I get the feeling that they don’t invest enough or have enough people working on this so it takes a long time to patch.”
