-
Notifications
You must be signed in to change notification settings - Fork 566
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
1 changed file
with
37 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,37 @@ | ||
# Reporting security vulnerabilities | ||
|
||
Oracle values the independent security research community and believes that | ||
responsible disclosure of security vulnerabilities helps us ensure the security | ||
and privacy of all our users. | ||
|
||
Please do NOT raise a GitHub Issue to report a security vulnerability. If you | ||
believe you have found a security vulnerability, please submit a report to | ||
[[email protected]][1] preferably with a proof of concept. Please review | ||
some additional information on [how to report security vulnerabilities to Oracle][2]. | ||
We encourage people who contact Oracle Security to use email encryption using | ||
[our encryption key][3]. | ||
|
||
We ask that you do not use other channels or contact the project maintainers | ||
directly. | ||
|
||
Non-vulnerability related security issues including ideas for new or improved | ||
security features are welcome on GitHub Issues. | ||
|
||
## Security updates, alerts and bulletins | ||
|
||
Security updates will be released regularly as part of planned project releases. | ||
If needed this project will release security fixes in conjunction | ||
with the Oracle Critical Patch Update program. Additional information, | ||
including past advisories, is available on the Oracle [security alerts][4] page. | ||
|
||
## Security-related information | ||
|
||
We will provide security related information such as a threat model, considerations | ||
for secure use, or any known security issues in our documentation. Please note | ||
that labs and sample code are intended to demonstrate a concept and may not be | ||
sufficiently hardened for production use. | ||
|
||
[1]: mailto:[email protected] | ||
[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html | ||
[3]: https://www.oracle.com/security-alerts/encryptionkey.html | ||
[4]: https://www.oracle.com/security-alerts/ |