CVEs and Oracle products

From: Patrice sur GMail <patrice.boivin_at_gmail.com>
Date: Fri, 6 Jun 2014 13:43:08 -0300
Message-ID: <CACH2EDKq8Bq_gfm3LGJNKgqT6EVjTcRd=gzFZyF1waqUGLo6Xg_at_mail.gmail.com>



I was wondering, does Oracle have a CVE equivalency database that would let us enter a CVE and find out if it applies to any Oracle products and what versions, if any? (Most of the time probably the CVEs don't apply.)

Bureaucrats sometimes forward e-mails about CVE numbers and want us to assure them that we're "safe", and entering CVE numbers in My Oracle Support doesn't usually turn up anything.

I am guessing that for DBAs in more secure environments this is routine stuff, thought maybe someone might be able to provide some pointers.

I know about the typical advice like "stay up-to-date with your software versions" -- except for that OpenSSL bug LOL which got some people in trouble, no memory sticks or used to be CDs (esp. if people are outside your building handing them out for free), passwords are not all that secure (some employees are willing to give them up for a little gift at the door), social engineering, don't trust your own employees, etc. etc. I am just looking for a lookup site somewhere that we might be able to trust.

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Jun 06 2014 - 18:43:08 CEST
