A lack of corporate mandates to quickly install Oracle Corp .s security patches may be leaving many Oracle database installations exposed to vulnerabilities. Only 26% of the 150-plus respondents said their companies require quarterly patch updates to be applied on all systems. Another 6% said they are required to install the patches on critical systems only, the IOUG and Oracle reported. 30% of respondents said they typically install patches before the company issues its next batch of fixes, according to the report.
Source: https://threatpost.com/oracle-shops-dont-mandate-use-security-patches-030209/72368/