Oracle Software Security Assurance

Oracle Security Vulnerability Disclosure Policies

Oracle Security Vulnerability Disclosure Policies

In order to prevent undue risks to our customers, Oracle will not provide additional information about the specifics of vulnerabilities beyond what is provided in the Critical Patch Update (or Security Alert) advisory and pre-release note, the pre-installation notes, the readme files, and FAQs. Furthermore, Oracle provides all customers with the same information in order to protect all customers equally. Oracle does not provide advance notification to individual customers. Finally, Oracle does not develop or distribute active exploit code (or proof of concept code) for vulnerabilities in our products.

Need Help? Find it at My Oracle Support
Get Proactive! Take Advantage of Oracle Support Best Practices
    E-mail this page E-mail this page    Printer View Printer View