For good reasons some companies do not allow their Oracle Enterprise Manager to connect with the outside world. You do connect out of your comfortable secure environment and with every link to the outside world you create potentially a security issue. Even though it is very unlikely it could potentially be a security thread and if you are hosting confidential and/or high valuable data it is your responsibility to guard this in every way possible.
The other side of the coin is that having a proper patch management strategy in place is also a very important part of your security. If you have a large estate of Oracle products it is almost not humanly possible to keep up with all the patches and patch advisories so you do want to have a automated patch advisory system. This decision has to be made in your organisation with security as one of the main questions on the table.
Above you can see a screenshot of a 11GR1 patch advisory for a database installation from An oracle manual.
The Patch Advisor in Enterprise Manager describes critical software patches for your installed Oracle products. To help ensure a secure and reliable configuration, all relevant and current critical patches should be applied.
The Patch Advisor provides support for Remedies. When you select an advisory, you can view the calculated remedies from the context of that Advisory, as well as the affected Oracle homes.
The Patch Advisor also displays a list of available patches and patch sets for your installation, along with the name of the feature that is impacted. You can choose to display only patches for features that are used by your database, or all available patches.