Hi, I am Reshma Banerjee. I joined Oracle as part of the BEA acquisition. At BEA, I managed the team that handled all external communications with security researchers and also dealt with the release of security advisories for all BEA products. I am now part of the Oracle Security Alerts group, tasked with similar responsibilities. The Oracle Security Alerts group manages the quarterly releases of Critical Patch Updates and handles most external communications with security researchers.
Various BEA operations and processes are now integrated with those at Oracle. Soon after the acquisition, in July of 2008, the BEA products transitioned to the Oracle Critical Patch Update (CPU) program. In the past, BEA security advisories were released about every 3-6 months and sometimes on an as-needed basis without a pre-published schedule as opposed to the CPU schedule, which is published one year in advance. I believe the predictability provided by the CPU will benefit BEA customers. Customers can now plan ahead to incorporate these updates in their release and upgrade schedules, helping to minimizing impact on their production schedule.
In addition, the profiles of customers who subscribed to receiving targeted communications as part of the BEA security outreach program have been transitioned to Oracle.com. These customers will continue to receive the communications they were subscribed to. Most of the subscribers have been sent an email informing them of this change and received instructions on how to login to their new Oracle.com account. However, profile migration is still pending for the countries where the legal entity change has not completed from BEA into Oracle.
Finally, the transition from the BEA systems to the My Oracle Support portal, formerly known as MetaLink, was completed on February 2nd 2009. As a result, support for the BEA products is now available through the Oracle Global Customer Support (GCS) systems. Customers attempting to navigate to the BEA eSupport (i.e. support.bea.com) will be redirected to the site dedicated to information about the BEA acquisition. As a result of this transition BEA customers will be able to use self-service functionality, such as ARU/Metalink, to download patches for all BEA products. Finally, BEA security advisories that were hosted on support.bea.com have been migrated to http://www.oracle.com/technology/deploy/security/beaarchive.html and BEA security advisory fixes are available through the My Oracle Support portal.
My experience with this transition has been positive. I feel that the integrated Oracle and BEA teams have quickly made a significant effort to align many of the BEA processes and tools. Of course, this is an ongoing effort!
In a Future Blog, I will provide more information regarding the updates in the security advisory policies for the BEA products resulting from the integration with Oracle.
