One issue that seems to come up often is whether to apply a patch immediately or wait to ensure it's stable, etc.
I know that from a security standpoint you want to apply patches and updates that protect your system from known vulnerabilities. I am curious about others' thoughts on balancing that versus the stability of the system.
In an eWeek article, ISS was quoted as saying:
"Databases are also particularly vulnerable to attack, since DBAs are loathe to install patches that haven't been thoroughly tested"
As they mentioned in the quote, if you have a mission-critical database that is running flawlessly and a new vulnerability is announced that is critical, do you patch immediately and risk screwing up the database, or do you hold off and risk getting hit by the vulnerability?
Here is the full article: Databases Ripe For Attacks