CyberSecurity Institute

The company said Thursday that it will release security bulletins and accompanying patches for its products on Jan. 18, April 12, July 12 and Oct. 18. The bulletins will address security vulnerabilities for products such as Application Server, E-Business Suite and Enterprise Manager and will be issued through the company’s support Web site.

“Organizations prefer regular, planned schedules for patching their information technology systems,” Mary Ann Davidson, chief security officer of Oracle, said in a statement. “The quarterly schedule strikes a balance between issuing patches often enough to protect customers from serious vulnerabilities while making it easier for customers to manage the maintenance process.”

The schedule is also designed to avoid common blackout dates; many organizations are not allowed to update systems at the end of the quarter when they are closing their books.

Oracle also said the updates could help cut the cost of applying patches by delivering a single patch for fixing multiple vulnerabilities. The move reflects an industry trend of software companies releasing fixes to tackle security vulnerabilities in their products on appointed dates.

http://news.zdnet.com/2100-1009_22-5458541.html?part=rss&tag=feed&subj=zdnet

During a keynote speech at the company’s IT Forum conference in Copenhagen, Denmark, Gates outlined Microsoft’s ambitious effort to trim the cost of managing corporate data centers, called the Dynamic Systems Initiative. Microsoft’s DSI is a multiyear plan to wring greater productivity out of systems operators, who oversee company networks.

Microsoft also announced systems management-related product updates, including the first public test release of an automatic Windows update service.

With better management tools, administrators can handle more tasks, such as updating server patches, more quickly. Improved systems administration has become a high priority for Microsoft’s business software division. Company executives point out that the majority of information technology budgets are dedicated to running existing systems, rather than creating new business applications.

Microsoft competes with IBM, Hewlett-Packard and other companies in the systems management software market.

The first products to come from Microsoft’s DSI will appear next year with the release of Visual Studio 2005, the company’s flagship programming tool. With it, developers are expected to begin to build applications that are less likely to crash or suffer from poor performance, Microsoft claims. During his speech, Gates discussed the longer-term vision for DSI as well as how Microsoft is seeking to improve its management tools, said David Hamilton, director of Microsoft’s Windows and enterprise management division.

Hamilton said that future Microsoft management products, namely Systems Management Server and Microsoft Operations Manager, will be designed to monitor performance of data center components by tracking Microsoft-defined “models.” The models will describe the health of an application, its configuration and the tasks it supposed to perform, he said. These models can be defined by programmers with a modeling tool that will be part of Visual Studio 2005 Team System, which is set to be available in the first half of next year.

For example, a developer can indicate that an e-mail application needs to run on four servers and have a certain amount of bandwidth to meet expected demand. “Models are a way of tracking the instrumentation of the application in real time,” Hamilton said. “Getting the models right is absolutely critical.”

Gates also discussed a new smart card, from a company called Axalto, that can be programmed using Microsoft’s development tools. The smart cards can then be used as a secure mechanism for logging onto corporate networks, in conjunction with Microsoft’s existing Active Directory and Identity Integration Server software.

By describing the company’s long-term plans for DSI, Microsoft hopes to get developers and systems operators familiar with the company’s future products and recruit third-party companies to build add-ons to Microsoft’s systems management software, Hamilton said.

Also at IT Forum, Microsoft said that it has started a wide-scale beta testing program for its Windows Update Service for sending out Windows patches, and that its Microsoft Operations Manager 2005 product and Virtual Server 2005 software are generally available worldwide. The company also released enhancements to SMS 2003 for easing large-scale desktop deployments and for installing software on Windows handheld devices.

http://news.zdnet.com/2100-3513_22-5453730.html?tag=adnews

The company’s “chief trustworthy computing strategist”, Scott Charney told delegates at Microsoft’s IT Forum (ran week of 15th November 2004) that the company had to improve its communication to the industry.

In addition to working on building more secure products by design, promoting security training and development and easing patch management, the company is partnering with hardware makers and security companies, Charney said. Charney portrayed security as his mandate, saying that when government initially ceded the Internet and computers to the public domain, it also gave away its role as protector.

http://www.techworld.com/security/news/index.cfm?NewsID=2628