Tuesday, April 23, 2024

Researchers Say Oracle Leaves Databases Needlessly Vulnerable


Dark Reading: Recently, security researchers have been complaining that Oracle has been too slow to patch its database software, leaving customers vulnerable to attacks. “I would say easy fixes get done pretty quickly, within three to six months, but things that are harder and need some changes in architecture or have an impact on customers where customers have to make some changes to their products, to their software that uses the databases, those things don’t get done in the CPU,” says Application Security’s Alex Rothacker. “We have a vulnerability disclosed where basically we can brute force any user’s password and we reported this two years ago and they haven’t fixed it yet.”

Oracle has been putting out fewer critical security patches lately, but researchers say that isn’t because the software has fewer vulnerabilities. “They respond immediately and say ‘Thank you very much for the information’ and so on, but it sometimes takes more than a year to actually release a patch,” says McAfee’s Slavik Markovich. “I get the feeling that they don’t invest enough or have enough people working on this so it takes a long time to patch.”
