Saturday, July 17, 2010

Reporting E-Business Suite Security Issues to Oracle Support

Oracle Support recently made some organizational changes to handle customer-reported security-related issues more efficiently. As I am involved in analyzing security-related Service Requests (SRs), I've assembled some notes about Oracle's processes, which may help should you need to report a security issue.

It goes without saying (but I'll say it anyway) that Oracle takes security extremely seriously and strives to be very proactive in this area. Our policy and procedures are designed to protect your data and ensure that issues are dealt with promptly.

Essential Reading

* Critical Patch Updates and Security Alerts
* Security Vulnerability Fixing Policy and Process

These two pages explain in detail Oracle's policy and procedures for reporting security issues and provide details of the latest security patches and the quarterly Critical Patch Updates (CPU).

Oracle Security Policy

Before going into the Support-related aspects, here's something important from Oracle's Critical Patch Updates and Security Alerts page:

As a matter of policy, Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the CPU or Security Alert notification, the pre-installation notes, the readme files, and FAQs. Oracle provides all customers with the same information in order to protect all customers equally. Oracle will not provide advance notification or "insider information" on CPU or Security Alerts to individual customers.


Original Source
http://blogs.oracle.com/stevenChan/2008/08/raising_ebusiness_suite_securi.html
