Importance of Software Security Assurance
As organizations worldwide increase their reliance on software controls to protect their computing environments and data, the topic of Software Security Assurance grows in importance. The tremendous potential costs associated with security incidents, the emergence of increasingly complex regulations, and the continued operational costs associated with staying up to date with security patches all require that organizations give careful consideration to how they address software security.
Oracle Software Security Assurance
Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance (OSSA) is Oracle's methodology for building security into the design, build, testing, and maintenance of its products. Oracle's goal is to ensure that Oracle's products, as well as the customer systems that leverage those products, remain as secure as possible.
Oracle Software Security Assurance is a set of industry-leading standards, technologies, and practices aimed at:
Fostering security innovations. Oracle has a long tradition of security innovations. Today this legacy continues with Oracle's market leading database security and identity management solutions.
Reducing the incidence of security weaknesses in Oracle products. Oracle Software Security Assurance key programs include Oracle's Secure Coding Standards, mandatory security training for development, the cultivation of security leaders within development groups, and the use of automated analysis and testing tools.
Reducing the impact of security weaknesses in released products on customers. Oracle has adopted transparent security vulnerability disclosure and remediation policies. The company is committed to treating ALL customers equally, and delivering the best possible security patching experience through the Critical Patch Update and Security Alert programs.
Security built in, not bolted on—Oracle Software Security Assurance practices (“ongoing assurance”) extend throughout the lifecycle of Oracle software, from the initial design and specification phases, throughout development, pre-release, and post release phases
Equal treatment of all customers—Oracle Software Security Assurance key programs include Oracle's Secure Coding Standards, mandatory security training for development, the cultivation of security leaders within development groups, and the use of automated analysis and testing tools
Transparent security policies—Oracle has adopted transparent security vulnerability disclosure and remediation policies
Predictable security patching schedule—The Critical Patch Update schedule is posted a year in advance so as to allow organizations to lower their security management costs by implementing repeatable procedures for security patching
Security you can count on—Oracle submits its products to formal security evaluations (e.g., FIPS, Common Criteria) and informal security assessments (e.g., penetration testing, a.k.a. 'ethical hacking') to ensure that its products provide effective security controls