Security guru blasts Oracle's patching policies

Oracle could issue a million new security features when it debuts Oracle Database 11g later this year, but it wouldn't change the fact that Oracle's patching problems still need to be addressed, according to Oracle Security Handbook author Aaron Newman.

Newman, who is also the co-founder and chief technology officer of Application Security Inc., spends his days helping clients lock down their databases so that sensitive customer data doesn't get stolen. He says that new security features are certainly nice, but getting security holes fixed faster and porting those fixes back to older versions of the Oracle Database should be Oracle's top priority.

SearchOracle.com spoke with Newman about what he thinks Oracle can do to improve its patching policies. He also had some advice for database administrators (DBAs) who want to avoid being hacked, and for DBAs who have already been hacked and need to put on their detective hats. Here are some excerpts from that conversation: