Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Subject: How to Contact Oracle with Security Vulnerabilities
From: Rajiv Sinha (rajiv.sinhaORACLE.COM)
Date: Tue Dec 19 2000 - 16:38:25 CST
- Next message: Dan Harkless: "Re: Solaris patchadd(1) (3) symlink vulnerabilty"
- Previous message: Perry E. Metzger: ""The End of SSL and SSH?""
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
How to Contact Oracle with Security Vulnerabilities
Oracle sincerely regrets the difficulty that its user community - its
customers, partners and all other interested
parties - has recently had in notifying Oracle of security
vulnerabilities in its products and locating subsequent
patches for these vulnerabilities.
Oracle has taken the following corrective measures to facilitate
notification of security vulnerabilities and location of security patch
information. Oracle will post Security Alerts on Oracle Technology
Network at URL: otn.oracle.com/deploy/security/alerts.htm. (A Security
Alert contains a brief description of the vulnerability, the risk
associated with it, workarounds and patch availability.) This URL also
provides mechanisms for supported customers to directly submit a
perceived security vulnerability in the form of an iTAR (Technical
Assistance Request) to Oracle Worldwide Support Services. Those
individuals who are not supported customers but who wish to report a
vulnerability can directly email Oracle at SECALERT_USORACLE.COM with
the details of the security vulnerability.
Oracle believes that these mechanisms make maximum use of its existing
customer support services, yet allow
non-supported Oracle users and security-interested parties to contact
Oracle directly and swiftly with information about security
Oracle proactively treats security issues with the highest priority and
reiterates that it is committed to providing
robust security in its products. Oracle wishes to thank its user
community for its patience and understanding and
appreciates cooperation in this collaborative endeavor.
- text/x-vcard attachment: Card for Rajiv Sinha