Session ID: 10992

Abstract: Oracle Critical Patch Updates (CPU) are released by Oracle quarterly. As these security patches for the Oracle E-Business Suite, database, and application server/WebLogic must be tested in multiple non-production environments, most organizations do not apply these critical security fixes for at least 30 days and in many cases 180 or more days. This session examines the security impact of not apply the security patches and how to effectively mitigate the security risks and close the window between when the security patches are released and can be eventually applied to the application and technology stack.

Objective 1: Review the status of Critical Patch Updates for each Oracle E-Business Suite version.

Objective 2: Outline the risks associated with not applying Oracle E-Business Suite security patches.

Objective 3: Discuss technology stack security risks for desupported Oracle E-Business Suite versions.

Objective 4: Describe types of security vulnerabilities fixed by Critical Patch Updates.

Objective 5: Discuss mitigation strategies when Critical Patch Updates cannot be applied.

Audience: Technical