Critical Patch Information: Need to Reduce Risk by Eliminating Vulnerabilities?

 
Administrator

Looking at the technology products (Application Server and RDBMS) requiring Oracle’s January Critical Patch Update (CPU), it was evident that Foundation patterns provide the level of precision needed to help organizations identify instances requiring the patch.

Oracle CPU: http://www.oracle.com/technology/deploy/security/critical-patch-updates/cpujan2008.html
Oracle RDBMS pattern: http://www.tideway.com/tknwiki/index.php/Oracle_RDBMS
Oracle AS pattern: http://www.tideway.com/tknwiki/index.php/Oracle_Application_Server

Oracle recommend that organizations “have a complete inventory of Oracle products across the IT enterprise, with full version numbers” however do not appear to have a solution for this. As a result we hear that many organizations are unable to apply the CPUs and as a result are exposing themselves to critical security vulnerabilities.

Tideway is exploring the feasibility of providing critical patch data to augment discovered data in order to help customers identify and track removal of critical security vulnerabilities.

Please tell us if you share the issues described above, which vendors / products you would most need to monitor for vulnerabilities, sources of critical patch information that you refer to and if there are currently any critical vulnerabilities that you need to identify.