32 lines
1.6 KiB
Markdown
32 lines
1.6 KiB
Markdown
Reporting security vulnerabilities
|
|
==================================
|
|
|
|
Oracle values the independent security research community and believes that
|
|
responsible disclosure of security vulnerabilities helps us ensure the security
|
|
and privacy of all our users.
|
|
|
|
Please do NOT raise a GitHub Issue to report a security vulnerability. If you
|
|
believe you have found a security vulnerability, please submit a report to
|
|
secalert_us@oracle.com preferably with a proof of concept. Please review
|
|
some additional information on how to report security vulnerabilities to Oracle,
|
|
see https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
|
|
|
|
We encourage people who contact Oracle Security to use email encryption using
|
|
our encryption key, see https://www.oracle.com/security-alerts/encryptionkey.html
|
|
|
|
We ask that you do not use other channels or contact the project maintainers
|
|
directly.
|
|
|
|
Security updates, alerts and bulletins
|
|
--------------------------------------
|
|
Security updates will be released on a regular cadence. Many of our projects
|
|
will typically release security fixes in conjunction with the Oracle Critical Patch
|
|
Update program. Additional information, including past advisories, is available on our
|
|
security alerts page at https://www.oracle.com/security-alerts/
|
|
|
|
Security-related information
|
|
----------------------------
|
|
We will provide security related information such as a threat model, considerations
|
|
for secure use, or any known security issues in our documentation. Please note
|
|
that labs and sample code are intended to demonstrate a concept and may not be
|
|
sufficiently hardened for production use.
|