LAS VEGAS—Buried in the pages of the secure configuration guide for Oracle EBusiness Suite 11i is a declaration that SQL injection just isn’t a thing for the ubiquitous enterprise software. “Of the many potential SQL injections we have seen reported, we have yet to find a single confirmed example,” the guide says. “That’s a like...

Oracle’s quarterly Critical Patch Updates (CPU) are known for their daunting volume, usually a disproportionately big number of fixes that database and system administrators have to deal with every three months. Yesterday’s CPU, however, takes the cake. Oracle pushed out the door a record 248 patches on Tuesday, for vulnerabilities across its product lines. That...

Oracle’s stewardship of Java has been scrutinized by the security community, which in 2013 languished through nearly a full year of targeted attacks exploiting zero days and other vulnerabilities in the platform. Since then, Oracle has improved the Java user experience by denying unsigned applets the ability to execute by default, and putting security restrictions...