Aside from using costly commercial vulnerability scanners, are there any easy techniques to produce a management friendly report on what security patches are missing from an Oracle 11g database? Or better still to produce a “fully security patched” type assurance report to management.
Could you provide simple steps to get to the report, or direction to a sample report?
Also, excuse my ignorance, but I have heard systems administrators say they often fall behind on database security patches as they are concerned applying the patch could cause issues with the proper functioning of the application, is this a valid concern or a load of nonsense? Have you ever applied a security patch that has had an unfortunate knock on effect on the application that it drives.
Please keep answers simple to a non DBA/management freindly.