Survey out from Oracle and the Independent Oracle Users Group, "Security Patching Practices by Oracle Customers" (February 25, 2009). I thought it was interesting that 11% have never applied a patch, and close to 50% were at least 2 cycles (6 months) behind on current patch levels. The worry of impacting the availability or performance of production environments is the major obstacle to the application of security patches, which makes sense.
There is a link in the other post to a PDF of the report. I take you through there because I like the image they used :-)