November 21, 2006

Oracle Security Patch Causes Insecurity

To patch or not to patch - that is the question for many software customers. And it's a particularly tricky one to answer when the software company won't say what the patch is for, as one reader discovered with a recent Critical Patch Update released by Oracle for PeopleSoft. "On October 18, I received an e-mail notification from Oracle/PeopleSoft that they released new patch levels for their products that contain

When that yielded no useful details about the patch, the reader tried one more time to explain to Oracle why he needed to know more. "Oracle sends out this alert and expects us to jump with no information on which to base a business decision," he wrote Oracle. "Do we have the staff to do it? What other projects will suffer due to diverting resources to applying the update? That's just the beginning. You do not account for the time it takes to follow Oracle's own recommended procedures for applying patches: apply to demo environment, compare to test environment, apply to test environment, test, compare to production environment, apply to production environment, pray nothing breaks. That doesn't even take into account that all development on all PeopleSoft-related projects is halted or delayed because we can't develop at one patch level and apply it to an application running at a different patch level during the time it takes to evaluate a patch/update and apply it to a production environment. It can take up to three months to do this properly. The timeframe can be shortened, of course, but again, we have no information on which to base any decisions. ALL of these considerations are part of the decision making process, regardless of consideration to critical issues."

Ultimately, though, his requests fell on deaf ears. "The bottom line is simply that, despite the fact we're paying thousands of dollars per year for 'support' from them, Oracle will not disclose the information we require. I know from my phone conversations with the support manager that mine is not the only company pressing for specific information about the patch. I can only imagine the IT staff of those organizations are pulling their collective hair out. Our decision, given that we cannot justify the interruption to MIS activities and a certain amount of inevitable system downtime in the face of no information on which to base a decision, is to not install the latest patch. Risks be damned, Oracle be damned, but if no one will disclose the information we require, how can we justify any other decision?"

After all, there's no security in a security update that may cause a customer more problems than it fixes. What's your take on Oracle's patch policy? Call the Gripe Line at 1 888 875-7916 or write me at Foster@gripe2ed.com.

©1994-2009 Infoworld, Inc.