Some Oracle customers are being forced to wait for their monthly security patches. The company said that some difficulties with testing meant that some April updates would not be available until 15 May. Previously, the company had said that updates would be released on 1 May.
Oracle usually releases about 150 patches in its Critical Patch Updates every three months.
The problem with the April update is that some of the patches have not yet passed the comprehensive suites of tests that Oracle uses to ensure that they will not disrupt customers' applications, said Darius Wiles, manager of Oracle Security Alerts.
"There were some [updates] that failed out of the test suite, so we needed some more time to test them," Wiles said.
Oracle is particularly eager to complete testing and release updates for some of the more widely used versions of its database, including versions 220.127.116.11 and 10.1.0.4. But the company first needs to ensure that the new software will not disrupt customers, Wiles said.
Security researcher and Oracle critic David Litchfield believes that by waiting so long to update some versions of its products, Oracle is undermining the value of its regular patch release cycle, which is designed to provide customers with regular, predictable software updates.
Litchfield criticised both the lateness of the updates and their quality.
"The whole point of a regular patch cycle is that people can plan ahead and install once," said Litchfield, managing director of Next Generation Security Software. "But if you are having to install it nine times, where's the benefit of that?"
Litchfield estimates that two-thirds of Oracle's supported products are now unpatched, leaving many users vulnerable.
But Wiles countered that the problem appears to be worse than it is. Because updates for some applications, such as Oracle's application server, are dependent on the database fixes, there has been a bottleneck effect with the updates. "Once we get the database stuff cleared, there are going to be a whole bunch of products that are going to be patched."