In recent years, there have been small rebellions against the increasing pace of life. The slow food movement tells us that burger chains and pizza parlours may not be the best food out there, and it’s worth a little wait to enjoy better-tasting cuisine.
ERP vendors, given the time it takes from the discovery of a vulnerability until it is fixed, seem to think in much the same way. The average time between the discovery of an exploit, the creation of a patch to fix this, and roll out of this patch to customers is 30 days, giving criminals ample opportunity to take advantage. It’s often longer. For example, in 2016, an SAP authentication vulnerability was patched that had first been reported in 2012. Beyond a handful of emergency patches, Oracle rolls up all of its patches into a quarterly Critical Patch Update.
To read the full article, visit Enterprise Management 360