Is Your Software Vulnerable to Cybercrime?

    By: IOUG Headquarters on Mar 26, 2018

    Cybercrime is real. By 2021, estimates say the annual worldwide cost for cybercrime damages will reach $6 trillion . 65% of organizations say their in-house security capabilities are adequate —yet 80% have been negatively affected by a cybersecurity attack in the last year2.

    The average cost of a data breach in 2016 was $3.6 million . Many businesses never recover from the fallout. They face exposure of sensitive, proprietary information; operational disruption; system and file restoration; and fines and litigation. It may be more difficult to overcome the damage to their reputation and brand and the loss of their customers’ and employees’ trust.


    Governments See Growing Threat

    The E.U. General Data Protection Regulation (GDPR) provides a single set of rules to enhance data privacy and guarantee the security of personal data and data processing that will be enforceable May 25, 2018. Noncompliance or violation can lead to heavy fines .

     “The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the 1995 directive was established4.”


    Don’t Put Your Investment at Risk. Secure Oracle Software with Oracle Support

    Security patching is essential for securing enterprise software, including Oracle’s. If you can't access the source code, you can't develop security patches for it. That leaves your software open to attack and your business open to risk.

    “It is necessary for all organizations to establish a strong ongoing patch management process to ensure the proper preventive measures are taken against potential threats .”

    -United States Computer Emergency Readiness Team, U.S. Department of Homeland Security


    Oracle Support is the best way to legally receive mission-critical security updates and protection for your Oracle software. Oracle creates and owns the source code and can identify and address vulnerabilities and emerging threats in the source code.

    Oracle Software Security Assurance (OSSA) is Oracle’s methodology for building security into the design, build, testing, and maintenance of its products. Oracle’s goal is to ensure that the products are helping customers meet their security requirements while providing for the most cost-effective ownership experience.

    Oracle provides reliable security updates to the source code with security at every level—in every layer of the software stack and with regression testing across the full stack. Oracle has the tools, experience, and knowledge to provide proactive change management processes, a uniform release management process, and ongoing and unparalleled innovation.


    Predictable Critical Patch Updates

    The Critical Patch Update (CPU) is the primary mechanism for the backport of all security bug fixes for all Oracle products. Critical Patch Updates are released quarterly. Oracle issues Security alerts for vulnerability fixes deemed too critical to wait for distribution in the next CPU. Information about all previously released Security Alerts and Critical Patch Updates, along with the links to download security patches, is posted on the Security Alerts and Critical Patch Updates page.

    The release frequency for issuing the CPUs (quarterly) and the predictability of the CPU releases (fixed schedule) allow Oracle customers to develop recommendations for leveraging the Critical Patch Update and maintaining a proper security posture and a repeatable and cost-effective process for patching their Oracle systems.

    Stay on top of the evolving security landscape by subscribing to security notifications from Oracle. You will receive an e¬mail reminder at the time of the publication of each CPU. Premier Support Customers will also see a message about the availability of the CPU when they log onto the My Oracle Support portal.


    Simplified Product Patch Management

    Patch updates are cumulative for many Oracle products. This provides customers the ability to quickly “catch up” to the current security release level, since the application of the latest cumulative CPU resolves all previously addressed vulnerabilities.

    Get Proactive and Get More from Oracle Support

    Oracle invests heavily in enterprise support and ongoing innovation and delivers complete hardware and software coverage through our world-class support personnel and technologies. Oracle Support’s Get Proactive! program provides guidance related to three important customer objectives:

    • Prevent—maintain optimal system health and performance and prevent known problems and vulnerabilities from impacting operations.

    • Resolve—rapidly identify and resolve issues to minimize or negate downtime and free up resources for critical projects.

    • Upgrade—remove risk and time from the upgrade process, enabling cost savings and faster adoption of new product capabilities.

    You’ll find information regarding recommended tools, resources, and best practices, organized by objective and by product. You can learn more, and access the patching resources, on My Oracle Support’s Get Proactive page, just choose your product area to begin.

    My Oracle Support Resources

    Leverage My Oracle Support’s product-specific information centers or use the Quick Reference Guide for Search and Patches & Updates to search for the topic you need in My Oracle Support. You can find knowledgebase articles that have key links to security updates, resources, and vulnerabilities, focus on overall security, and product-specific patching. Let’s take a deeper look at one Oracle product to illustrate some of the resources available to help you with patching.

    Patching Oracle E-Business Suite

    • The Oracle Support accreditation program is often a good source to learn or refresh your knowledge. In the E-Business Suite accreditation, you can find a short video on using the patch wizard and one on the Patching and Maintenance Advisor that helps you locate patches and maintenance advisors, create a patching strategy, and use best practices. Oracle Support Lifecycle Advisors provide a quick reference point for key product-specific Advisors.

    • Using the My Oracle Support search will also help you locate relevant documents for your product for more details, or if you prefer reading to videos.

    • The Patching & Maintenance Advisor: E-Business Suite (EBS) R12.2 walks you step-by-step through each stage of the process. It also contains links to resources like videos, information centers, and other related information.

    • The How to Find E-Business Suite & E-Business Suite Technology Stack Patches knowledgebase article helps you find the patches you need including patches for the Oracle standalone and edge applications. Other tabs cover Oracle Support policies, minimum patch levels, and related patching resources.

    • You can find knowlegebase articles for specific releases, like Oracle E-Business Suite Release 12.2: Online Patching FAQ with search.

    • My Oracle Support Community can provide quick answers from peers and Oracle experts. The E-Business Suite Patching Community is a direct channel to a dedicated team of E-Business Suite patching experts and will provide you with a single destination to resolve your patch-related issues. The Resolve your E-Business Suite Patching Incidents Faster in My Oracle Support Community article provides an introduction on how to get started with the patching specialists.

    You’ll find other Oracle products have similar resources available.



    Get More From Oracle

    When your business is on the line, there is no substitute for trusted, secure, and comprehensive support.


    Learn More:

    • Is Your Software Vulnerable to Cybercrime? (infographic)

    • Oracle’s Security Vulnerability Remediation Practices

    • Oracle Premier Support

    • My Oracle Support’s Get Proactive page (Doc ID 432.1)


    Released: March 26, 2018, 8:29 am | Updated: April 3, 2019, 1:00 pm
    Keywords: Feature | SELECT Journal | SELECT | SELECT Journal

    Copyright © 2019 Communication Center. All Rights Reserved
    All material, files, logos and trademarks within this site are properties of their respective organizations.
    Terms of Service - Privacy Policy - Contact

    Independent Oracle Users Group
    330 N. Wabash Ave., Suite 2000, Chicago, IL 60611
    phone: 312-245-1579 | email:

    IOUG Logo

    Copyright © 1993-2019 by the Independent Oracle Users Group
    Terms of Use | Privacy Policy