Database is collection of data. Data is either information or details. If you are storing some data means those are important information or detail for you. It means your data is important for you. In short we can say that database is more important because it stores various kind of important information.
Basic task of Oracle DBA is to secure the database. There are lots of new features introduced by Oracle. Day by day usage of Oracle database may be found some vulnerability discovered by Oracle and customers. Oracle always provides critical patch for securing database and it is published every 3 months. Critical patch is nothing but compilation of security patching. This is very useful to you for removing security black holes from database which are found as vulnerabilities.
As per my recommendation, you should need to test every critical patch on your test database server and check integrity of database and application before apply on production database. Since critical patch may contains some privilege removing or parameter changes. If you found your application can work after applying critical patch of Oracle with some changes then you can deploy same critical patch on your production database.
Applying critical patch of Oracle is the best option to make secure your database. Hence critical patch contains collections of vulnerabilities removal scraps. Vulnerabilities are already tested by Oracle technicians and found by various affected customers. New vulnerabilities and security holes always introduced because new features are being introduced in databases. If I am not using some of Oracle feature then why I should need to apply critical patch – this question always raised by most of my clients. If you are not using any of database features then security risk does not becoming decreasing. Database always ships with all features of Oracle and when you are installing same database without knowing of security holes and bugs. An intruder or hacker knows only security black holes of Oracle database. Attacker always finds new black holes of database to hack database and stealing important information from database.
In short we can say that you know usage of feature of database and intruder finds security black holes of same feature to exploit the vulnerability. To prevent of known security holes & vulnerabilities of Oracle database the best option is to apply every critical patch of Oracle. Off course before apply critical patch on production, it should be needed to test on test database server.