As of 2011 to be eligible for Extended Support on Release 11.5.10 system you must meet defined minimum baseline patch requirements both for its core components such as the database and for the applications products in use.
All EBS Customers managing an 11i production instance should be familiar with the following support note. Patch Requirements for Extended Support of Oracle E-Business Suite Release 11.5.10 [ID 883202.1]
Oracle has made it mandatory to follow the guidelines in the above mentioned support document.
Most of us wait for something to break before patching any environments; in some case it makes sense since internal resources work on higher priorities, the patch installation process requires changes and that always implies Technical and Functional analysis and risk.
We are all facing the ongoing challenge of keeping up with the pace of required business changes. To make things even worse, the underlying IT infrastructure, which supports vital business functions within the company, is most often composed of heterogeneous components; a rule of thumb companies need to establish the reflex of having a patch strategy at all the layers below and to be pro-active.
As part of your process, make sure you look at the below tools that can improve your current patching process.
One way to keep track of the Family Packs and Mini packs that Oracle releases is with the free utility patchset.sh (I think it should be run quarterly to pro-actively manage your environment)
I think the most mis-understood part of the patching process is the use of the free Oracle Wizard Patch Tool. Oracle updates the PIB (Patch Information Bundle) file on a nightly basis with all high- priority and critical patch fixes required for your environment. I don’t think people are aware of the PIB file that gets updated by Oracle on a nightly basis.
Two other ways to further mitigate risk.
Analyze the possibility of using Oracle Integrated Stack Testing (OIST) product. www.oracle.com/us/corporate/features/oracle-integrated-stack-173395.pdf and always make sure you’re testing environment, mimics the production environment as closely as possible, with functional, peak load, and stress testing, to verify specific configurations with 3rd party products and company home grown applications.