Oracle

A reactive approach to software security, namely following the security research community’s lead, has proven to be a winning strategy for Oracle Corp. in recent years.

Since 2008 the database giant has steadily trimmed the number of critical buffer-overflow vulnerabilities in the Oracle database server. Longtime thorn David Litchfield, however, may have forced Oracle to reassess its software security strategy after his talk Thursday at the 2012 Black Hat Briefings.

The Oracle (NSDQ:ORCL) Critical Patch Update (CPU) advisory for July has been issued with a total of 87 security patches across the company's overall product portfolio.

The most notable vulnerability involves Oracle JRockit, (CVE-3135), which is listed with a base score of 10.0, the highest and most critical rating available.

Oracle is planning to deliver 88 security fixes next Tuesday for a wide range of its products, according to a pre-release announcement posted to its website on Thursday.

A number of the bugs affect more than one product, and customers are advised to apply the patches as soon as possible, Oracle said.

After facing widespread criticism earlier this year for releasing its Java update weeks after Oracle patched the same vulnerabilities, Apple has released the platform's most recent update to correspond with Oracle's release.

On Tuesday, Oracle, the maker of Java, plugged 14 holes in Java SE, while Apple, which maintains its own version of the technology (now up to 1.6.0_33) in Mac OS X, also closed 11 of the same vulnerabilities. It is unclear if Apple will need to fix the remaining three flaws.

Oracle CEO Larry Ellison appears to have a healthy respect for Amazon Web Services. Why? It’s one of the few rivals he didn’t rant about.

And if imitation is flattery, it’s quite possible that Ellison is an AWS fan. Consider the following quote from Oracle’s cloud powwow.

A critical vulnerability Oracle's database product remains unpatched some four years after it was revealed, says the researcher who discovered it.

Oracle claimed to have patched the remote pre-authenticated vulnerability, dubbed TNS Poison, in April but security researcher Joxean Koret said the fix did not cover older versions.

That was quick. One day after Oracle asked for the right to assert a third patent against Google in the ongoing Android/Java intellectual property trial, Judge William Alsup has ordered that it is too late to introduce the patent into the case.

What if you owned the copyright on the French language? Or Swahili? That's essentially the claim Oracle is making when it says it owns the copyright to the Java language and its associated APIs. If Oracle gets its way, it could change software development forever. 

The issue looks to be decided in the lawsuit between Oracle and Google, which began with testimony in a San Francisco courtroom this week. The trial is expected to last up to 10 weeks.

Oracle considered buying Palm and BlackBerry maker Research In Motion as part of an aborted effort to build its own smartphone, Oracle CEO Larry Ellison said in court Tuesday. 

Oracle decided that RIM was too expensive and Palm wasn't competitive enough, and Oracle didn't have enough expertise in-house to develop a smartphone by itself, Ellison said. "We explored the idea (of building a phone) and decided it would be a bad idea," he told the court.

Oracle will release 88 vulnerability fixes across hundreds of its offerings as part of a scheduled quarterly security update. 

The fixes address flaws in its popular database servers, former Sun products, the Solaris operating system and the MySQL database, according to Qualys CTO Wolfgang Kandek. Qualys makes vulnerability management products.