Skip to content

Latest commit

 

History

History
30 lines (26 loc) · 1.59 KB

SECURITY.md

File metadata and controls

30 lines (26 loc) · 1.59 KB

Reporting security vulnerabilities

Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.

Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. Please review some additional information on how to report security vulnerabilities to Oracle (see https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) We encourage people who contact Oracle Security to use email encryption using our encryption key (see https://www.oracle.com/security-alerts/encryptionkey.html)

We ask that you do not use other channels or contact the project maintainers directly.

Security updates, alerts and bulletins

Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the Oracle Critical Patch Update program. Additional information, including past advisories, is available on our security alerts page at https://www.oracle.com/security-alerts/

Security-related information

We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use.