OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: How to Contact Oracle with Security Vulnerabilities
From: Rajiv Sinha (rajiv.sinhaORACLE.COM)
Date: Tue Dec 19 2000 - 16:38:25 CST

How to Contact Oracle with Security Vulnerabilities

Oracle sincerely regrets the difficulty that its user community - its
customers, partners and all other interested
parties - has recently had in notifying Oracle of security
vulnerabilities in its products and locating subsequent
patches for these vulnerabilities.

Oracle has taken the following corrective measures to facilitate
notification of security vulnerabilities and location of security patch
information. Oracle will post Security Alerts on Oracle Technology
Network at URL: otn.oracle.com/deploy/security/alerts.htm. (A Security
Alert contains a brief description of the vulnerability, the risk
associated with it, workarounds and patch availability.) This URL also
provides mechanisms for supported customers to directly submit a
perceived security vulnerability in the form of an iTAR (Technical
Assistance Request) to Oracle Worldwide Support Services. Those
individuals who are not supported customers but who wish to report a
vulnerability can directly email Oracle at SECALERT_USORACLE.COM with
the details of the security vulnerability.

Oracle believes that these mechanisms make maximum use of its existing
customer support services, yet allow
non-supported Oracle users and security-interested parties to contact
Oracle directly and swiftly with information about security
vulnerabilities.

Oracle proactively treats security issues with the highest priority and
reiterates that it is committed to providing
robust security in its products. Oracle wishes to thank its user
community for its patience and understanding and
appreciates cooperation in this collaborative endeavor.