1 | # Reporting security vulnerabilities
|
2 |
|
3 | Oracle values the independent security research community and believes that
|
4 | responsible disclosure of security vulnerabilities helps us ensure the security
|
5 | and privacy of all our users.
|
6 |
|
7 | Please do NOT raise a GitHub Issue to report a security vulnerability. If you
|
8 | believe you have found a security vulnerability, please submit a report to
|
9 | [secalert_us@oracle.com][1] preferably with a proof of concept. Please review
|
10 | some additional information on [how to report security vulnerabilities to Oracle][2].
|
11 | We encourage people who contact Oracle Security to use email encryption using
|
12 | [our encryption key][3].
|
13 |
|
14 | We ask that you do not use other channels or contact the project maintainers
|
15 | directly.
|
16 |
|
17 | Non-vulnerability related security issues including ideas for new or improved
|
18 | security features are welcome on GitHub Issues.
|
19 |
|
20 | ## Security updates, alerts and bulletins
|
21 |
|
22 | Security updates will be released on a regular cadence. Many of our projects
|
23 | will typically release security fixes in conjunction with the
|
24 | Oracle Critical Patch Update program. Additional
|
25 | information, including past advisories, is available on our [security alerts][4]
|
26 | page.
|
27 |
|
28 | ## Security-related information
|
29 |
|
30 | We will provide security related information such as a threat model, considerations
|
31 | for secure use, or any known security issues in our documentation. Please note
|
32 | that labs and sample code are intended to demonstrate a concept and may not be
|
33 | sufficiently hardened for production use.
|
34 |
|
35 | [1]: mailto:secalert_us@oracle.com
|
36 | [2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
|
37 | [3]: https://www.oracle.com/security-alerts/encryptionkey.html
|
38 | [4]: https://www.oracle.com/security-alerts/
|