Its taken them over 3 years to follow suit but Oracle are taking a page straight out of Microsoft's playbook by implementing an advance notice mechanism for its quarterly release of security patches.

But what will this tell us?

According to Oracle's website, the quarterly CPU (Critical Patch Update) started on Jan. 16. and included 55 patches!!! That includes 24 for bugs that can be exploited remotely by attackers!

Hmmm....

We started offering advance notice on monthly security bulletins in late 2003.

"Generally, such flaws -- characterized by Oracle as "remotely exploitable without authentication" -- are considered critical threats by security researchers and vendors. "

(InformationWeek - January 12, 2007)

Oracle's security response and patch release process has been criticised before

FInd out more here