UNPKG

oracledb/SECURITY.md

Version:

1.74 kBMarkdownView Raw

1# Reporting security vulnerabilities
2
3Oracle values the independent security research community and believes that
4responsible disclosure of security vulnerabilities helps us ensure the security
5and privacy of all our users.
6
7Please do NOT raise a GitHub Issue to report a security vulnerability. If you
8believe you have found a security vulnerability, please submit a report to
9[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
10some additional information on [how to report security vulnerabilities to Oracle][2].
11We encourage people who contact Oracle Security to use email encryption using
12[our encryption key][3].
13
14We ask that you do not use other channels or contact the project maintainers
15directly.
16
17Non-vulnerability related security issues including ideas for new or improved
18security features are welcome on GitHub Issues.
19
20## Security updates, alerts and bulletins
21
22Security updates will be released on a regular cadence. Many of our projects
23will typically release security fixes in conjunction with the
24Oracle Critical Patch Update program. Additional
25information, including past advisories, is available on our [security alerts][4]
26page.
27
28## Security-related information
29
30We will provide security related information such as a threat model, considerations
31for secure use, or any known security issues in our documentation. Please note
32that labs and sample code are intended to demonstrate a concept and may not be
33sufficiently hardened for production use.
34
35[1]: mailto:secalert_us@oracle.com
36[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
37[3]: https://www.oracle.com/security-alerts/encryptionkey.html
38[4]: https://www.oracle.com/security-alerts/

1	`# Reporting security vulnerabilities`
2
3	`Oracle values the independent security research community and believes that`
4	`responsible disclosure of security vulnerabilities helps us ensure the security`
5	`and privacy of all our users.`
6
7	`Please do NOT raise a GitHub Issue to report a security vulnerability. If you`
8	`believe you have found a security vulnerability, please submit a report to`
9	`[secalert_us@oracle.com][1] preferably with a proof of concept. Please review`
10	`some additional information on [how to report security vulnerabilities to Oracle][2].`
11	`We encourage people who contact Oracle Security to use email encryption using`
12	`[our encryption key][3].`
13
14	`We ask that you do not use other channels or contact the project maintainers`
15	`directly.`
16
17	`Non-vulnerability related security issues including ideas for new or improved`
18	`security features are welcome on GitHub Issues.`
19
20	`## Security updates, alerts and bulletins`
21
22	`Security updates will be released on a regular cadence. Many of our projects`
23	`will typically release security fixes in conjunction with the`
24	`Oracle Critical Patch Update program. Additional`
25	`information, including past advisories, is available on our [security alerts][4]`
26	`page.`
27
28	`## Security-related information`
29
30	`We will provide security related information such as a threat model, considerations`
31	`for secure use, or any known security issues in our documentation. Please note`
32	`that labs and sample code are intended to demonstrate a concept and may not be`
33	`sufficiently hardened for production use.`
34
35	`[1]: mailto:secalert_us@oracle.com`
36	`[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html`
37	`[3]: https://www.oracle.com/security-alerts/encryptionkey.html`
38	`[4]: https://www.oracle.com/security-alerts/`