Thursday Jul 14, 2016

PeopleTools CPU analysis and supported versions of PeopleTools (update for April 2016 CPU)

Questions often arise on the PeopleTools versions for which Critical Patch Updates have been published, or if a particular PeopleTools version is supported. 

The attached page shows the patch number matrix for PeopleTools versions associated with a particular CPU publication. This information will help you decide which CPU to apply and when to consider upgrading to a more current release.

The link in "CPU Date" goes to the landing page for CPU advisories; the link in the individual date, e.g. Apr-10, goes to the advisory for that date.

The page also shows the CVEs addressed in the CPU, a synopsis of the issue and the Common Vulnerability Scoring System (CVSS) value.

To find more details on any CVE, simply replace the CVE number in the sample URL below.

Common Vulnerability Scoring System Version 2 Calculator

This page shows the components of the CVSS score.

Example CVSS response policy

All the details in this page are available on My Oracle Support and public sites.

The RED column indicates the last patch for a PeopleTools version and effectively the last support date for that version.

Applications Unlimited support does NOT apply to PeopleTools versions.

Friday Oct 16, 2015

New PeopleTalk on Security

So it looks like I've gone mainstream!

I had the opportunity to have a talk with Marc Weintraub which has been posted on the PeopleSoft YouTube channel, here:

In this episode of PeopleSoft Talk, Marc talks with Greg Kelly about PeopleSoft security.

Don't forget to review the links in the associated My Oracle Support document:
My Oracle Support - Useful PeopleSoft Security Links: DocID 2060772.1


See other videos on the PeopleSoft channel


Wednesday Jul 15, 2015

Were you at Alliance, Collaborate, Interact this year, or wished you were?

This year, as well as uploading my PDF presentation, I've uploaded a couple of additional files.

The one you may find interesting is a short form Security Check List.

You can find it here: 

This is a supplement to the Securing Your PeopleSoft Application Red Paper (it includes the link) and it covers a number of points I've discussed with customers over the years. I include most of the check list as slides in my session but the PDF is an expanded set. The check list also contains a number of useful links.

In the discussions with customers we frequently find there are topics they have overlooked because they don't appear directly related to PeopleSoft security, but they are part of the overall infrastructure security and often managed by people outside of the PeopleSoft team. As teams are reduced in size, it's more important that you build collaborative, virtual teams in the rest of your organization. I hope the check list will also provide the conversation starters to help build those virtual teams.

If you think some of the points are topics by themselves, let me know and I can work on building out the information.

I appreciate any and all feedback. 

Sunday Jul 03, 2011

Oracle Critical Patch Update and Security Alerts

This is opportune, since the next Critical Patch Update will be released on July 19. You need to ensure that you and other members of your team involved with systems maintenance and security receive these alerts. If you don't already, you can subscribe to the alerts on Oracle Technology Network (OTN).

Go to

Login with your My Oracle Support credentials.
Scroll to the bottom of the page, and click on "Subscribe"
Subscribe to security alerts.

By the way, anyone on your team should have an OTN account: it doesn't cost anything and doesn't get you on a spam mailing list, and they don't need to have a personal My Oracle Support account. There's a wealth of information on OTN.

Critical Patch Updates and Security Alerts

A great resource!
RSS Feed:
(This is really useful, just add it to your favorite feed reader)

From the CPU alert page you can navigate to a particular advisory, including historical information.

For additional reference see the following blogs: (where you're probably reading this!)

There are some PeopleTools security related posts here, but check the reader feeds as well under bookmarks on this page:
o Google Reader feed for PeopleSoft 
o Google Reader feed for Security

See also:
This is the Oracle security blog with great postings by people deeply involved in all aspects of security and the standards organizations.



Sunday Jul 04, 2010

Security Testing and Defect Discovery


Monday Mar 08, 2010

PeopleSoft Viewlets


Monday Sep 28, 2009

Why are we concerned about a "sniffer" behind the firewall?


Tuesday Feb 10, 2009

The insidious threat - the hacker behind the firewall


This blog provides information to the PeopleSoft community, about PeopleSoft Technology, otherwise known as PeopleTools.
