Hot off the presses about Oracle:
--Gartner Says Oracle is "No Longer ... a Bastion of Security"
(24 January 2006)
Gartner has published an advisory on its web site warning administrators
that they need to be "more aggressive" in securing Oracle applications
because the company is not providing their customers with adequate help.
Gartner analyst Rich Mogull wrote that "Oracle can no longer be
considered a bastion of security" and that "the range and seriousness
of the vulnerabilities patches in this update cause us great concern."
Gartner is also critical of Oracle for providing less information about
fixes than the industry standard, for releasing faulty or
difficult-to-use patches and for the fact that Oracle does not provide
workarounds for vulnerabilities. Gartner recommends that administrators
protect their systems with firewalls and intrusion prevention systems
and use security monitoring tools. In addition, patching is sometimes
not possible because legacy versions are unsupported.
http://www.zdnet.com.au/news/software/print.htm?TYPE=story&AT=39234277-2000061733t-10000002c
http://www.computerworld.com/printthis/2006/0,4814,108038,00.html
_____________________________________
Teri MacGill, CPA, CISSP, CIA, CISM
The Regence Group
Security Staff Consultant/Security Specialist
(503)225 - 6023
This email is meant for the use of the intended recipient only. If you
have received this email in error, please discard. Nothing in this email
is meant to be binding on the sender or The Regence Group unless
specifically stated.
==============================================================================
IMPORTANT NOTICE: This communication, including any attachment, contains
information that may be confidential or privileged, and is intended solely for
the entity or individual to whom it is addressed. If you are not the intended
recipient, you should delete this message and are hereby notified that any
disclosure, copying, or distribution of this message is strictly prohibited.
Nothing in this email, including any attachment, is intended to be a legally
binding signature.
==============================================================================
-------------------------------------------------------------------------
This List Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. See for yourself.
Download AppScan 6.0 today.
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000003Ssh
--------------------------------------------------------------------------
