Bugtraq mailing list archives
How to Contact Oracle with Security Vulnerabilities
From: Rajiv Sinha <rajiv.sinha () ORACLE COM>
Date: Tue, 19 Dec 2000 16:38:25 -0600
How to Contact Oracle with Security Vulnerabilities Oracle sincerely regrets the difficulty that its user community - its customers, partners and all other interested parties - has recently had in notifying Oracle of security vulnerabilities in its products and locating subsequent patches for these vulnerabilities. Oracle has taken the following corrective measures to facilitate notification of security vulnerabilities and location of security patch information. Oracle will post Security Alerts on Oracle Technology Network at URL: otn.oracle.com/deploy/security/alerts.htm. (A Security Alert contains a brief description of the vulnerability, the risk associated with it, workarounds and patch availability.) This URL also provides mechanisms for supported customers to directly submit a perceived security vulnerability in the form of an iTAR (Technical Assistance Request) to Oracle Worldwide Support Services. Those individuals who are not supported customers but who wish to report a vulnerability can directly email Oracle at SECALERT_US () ORACLE COM with the details of the security vulnerability. Oracle believes that these mechanisms make maximum use of its existing customer support services, yet allow non-supported Oracle users and security-interested parties to contact Oracle directly and swiftly with information about security vulnerabilities. Oracle proactively treats security issues with the highest priority and reiterates that it is committed to providing robust security in its products. Oracle wishes to thank its user community for its patience and understanding and appreciates cooperation in this collaborative endeavor.
Attachment:
rajiv.sinha.vcf
Description: Card for Rajiv Sinha
Current thread:
- How to Contact Oracle with Security Vulnerabilities Rajiv Sinha (Dec 20)