Culture

Survey finds that 66% of Oracle users never install critical patches

Oracle users must be really trusting...and lazy.</p>

Matt Asay Contributing Writer

Matt Asay is a veteran technology columnist who has written for CNET, ReadWrite, and other tech media. Asay has also held a variety of executive roles with leading mobile and big data software companies.

See full bio

Matt Asay

Jan. 14, 2008 3:10 p.m. PT

If security is a process, Oracle's users have checked out of the process completely. As CNET's Dawn Kawamoto reports, two-thirds of Oracle users report that they have never installed an Oracle Critical Patch Update (CPU). That's "never" as in "not ever."

The data comes from a survey of Oracle database administrators, consultants, and developers by Sentrigo. It's shocking.

Perhaps it's also a testament to the robust security of Oracle's products. Let's assume that the respondents to this survey are representative of Oracle users generally. With 66% of Oracle's databases essentially unprotected and yet rarely compromised, that says something about their quality.

Or maybe it just means that database hackers are lazy. :-)

More seriously, I wonder why enterprises don't deploy the patches. Are they difficult to implement? Are they not explained well such that database administrators don't know why they should use them?

I don't know, but it would be fascinating to find out. It would also be interesting to know what percentage of MySQL users regularly patch their systems.