Product Definition
The secure development processes begin long before Oracle developers start building products. Oracle actively maintains a set of secure coding standards, as well as sets of libraries for security functions such as authentication and cryptography. Developers use these libraries to ensure secure design and avoid errors in implementation. To ensure that standards are uniformly adopted, Oracle provides security standards training for all its developers, product managers, release managers, and quality assurance staff.
Product Development
During the software development process, Oracle incorporates a myriad of security tests, including:
- Attempts to break ("hack") its security mechanisms by experts within and outside its development teams
- Testing via specialized security vulnerability analysis tools, including comprehensive source code analysis capabilities
- Extensive security checklists to revalidate adherence to security standards throughout the development process
- Independent, third-party security evaluations by government and industry organizations
Ongoing Assurance
Oracle ships its products with up-to-date best-practices documents for secure configurations and deployments in the real world. When security vulnerabilities are uncovered, fixes are:
- Addressed in the main code so the most recent Oracle products have the greatest level of security
- Delivered via Critical Patch Update to customers deploying earlier versions of Oracle products
- Reflected in updates to Oracle's security standards in light of the new "lessons learned"