Oracle recently announced the release of the newest edition of its PeopleSoft PeopleTools offering, version 8.52. PeopleTools is a set of tools, designed with an emphasis on ease of use and efficiency, that gives developers the power to create and customize PeopleSoft applications. PeopleSoft PeopleTools 8.52 comes equipped with a host of new features that showcase Oracle’s continued commitment to ensuring its customers get the most out of their PeopleSoft applications.
Headlining PeopleTools 8.52’s list of improvements is support for Apple’s popular iPad tablet. The move makes Oracle the lone enterprise resource planning vendor to provide an enterprise suite on the iPad, giving users the ability to access PeopleSoft on the go while maintaining the functionality and security one would normally expect in a stationary setting.
While iPad support is appealing, it’s just the tip of the iceberg when it comes to PeopleTools 8.52’s enhancements. The user interface has been upgraded to improve interactivity through the use of new pagelets and inter-pagelet communication features in PeopleTools’ Workcenters and Dashboards. This gives users the ability to configure and deploy applications with ease.
PeopleSoft Application Search has been added to supply PeopleSoft users with an intuitive keyword search. Desired information can be pinpointed quickly and easily thanks to search features that mimic common search engines. A related-action framework has been included in PeopleTools 8.52’s search to promote productivity, which is also enhanced via reporting improvements for Oracle BI Publisher, Oracle Essbase, PeopleSoft Query, and more.
Paco Aubrejuan, Oracle PeopleSoft’s Group VP, commented on PeopleTools 8.52 in the official press release: “Thousands of customers around the world depend on Oracle's PeopleSoft to help run their organizations, and any way we can improve user experience and adoption directly supports their business success. With the release of Oracle's PeopleSoft PeopleTools 8.52, we have delivered improvements to user interface, search and mobility to extend the value of PeopleSoft to our customers.”
Covidien’s global director of HRIS Lawrence J. Bastianelli III added: “Oracle delivers once again with PeopleTools 8.52! The functionality in PeopleTools 8.52 harnesses all the features that end-users need with an intuitive interface.”
Oracle Receives Criticism for its Latest Critical Patch Update
Oracle’s latest Critical Patch Update (CPU) contained a total of 78 fixes. That number may seem high to some and give the impression that Oracle is covering all bases with its patches, but some researchers are up in arms over the lack of attention the company is paying to databases.
Of the 78 fixes released in the CPU, only two covered databases. That number does not count MySQL patches, as those are mostly handled by the open-source community. The number of database-related patches in the most recent Critical Patch Update is a record for Oracle, albeit not a very positive one according to some, as it marks the lowest number of its kind ever released since the company began its practice of issuing CPUs on a quarterly basis.
One particular researcher who has been very critical of Oracle’s patching process as it relates to databases is Alex Rothacker, manager of Application Security’s research division, TeamSHATTER. When asked about the most recent Oracle CPU, Rothacker said, “I am honestly shocked that they only fixed two database vulnerabilities.”
Rothacker’s shock comes from the fact that Application Security alone has detected nine vulnerabilities. Nine may not seem like a large number, but digging deeper shows that five of the vulnerabilities can lead to an escalation of privileges. Even worse, one of the vulnerabilities goes back all the way to 2009. Rothacker added that the nine vulnerabilities discovered by Application Security are probably just a small sample of the problems plaguing databases, as other researchers have contacted Oracle with details on even more vulnerabilities. “There's definitely more stuff out there than just those nine,” he said.
As for why Oracle is issuing fewer and fewer database patches as time goes by, Wolfgang Kandek, CTO of Qualys, believes that since customers tend to apply database patches slowly, Oracle is simply responding to the demand. Kandek said: “Database patching is definitely slower than other areas, such as servers or workstations. You can find vulnerabilities and Oracle can fix them, but if customers do not install them or come back to Oracle and say, 'This is important for me,' it makes sense that Oracle could maintain that flow of patch schedule. The rollout schedule is a reflection of how much users actually pay attention to those things.”
Amichai Shulman, CTO of Imperva, offered another possible reason for the low number of database patches: “Could there be obstacles in the security and testing process? While introducing MySQL into the patch process is a good thing, it emphasizes again scalability problems. With the introduction of a new product, especially when it shows 27 fixes in this CPU, you'd expect the number of overall patches in the CPU to increase. We assume the bottleneck exists due to the relative low number of vulnerabilities while the patch increases in terms of products covered.” Shulman added that Oracle also could still be working on unreleased fixes that are much more complicated and problematic than advertised, thus the low number of database patches in this particular CPU.