Oracle customers can engage Third-Party Testers to perform authorized Security Testing against their Oracle Cloud Services and in accordance with this Testing Policy. When the security testing is not to be performed directly by the customers, unless otherwise agreed by Oracle in writing, Oracle requires that customers use a security tester on the “List Of Oracle Cloud Security Testers (PDF).”
See “Oracle cloud” page for a list of applicable limitations for security testing of Oracle Cloud Services.
Providing that the customer has specifically approved the sharing of sensitive information with the organization performing the Security Tests against the customer’s Cloud Service.
Facilitating the sharing of technical information between the Third-Party Tester and the Oracle Cloud development and security teams.
Ensuring that the Third-Party Tester is not subject to regulatory restrictions or associated with embargoed organizations.
Oracle will not accept unsolicited requests from security testers to be included in the List of Security Testers for Oracle Cloud. Only existing Oracle customers can request that Oracle consider including an additional security tester in the list.
After a customer submits a written request to add a testing organization to the List of Security Testers for Oracle Cloud, Oracle will assess the request, and engage with the testers to discuss operating procedures during testing, tester’s responsibilities, and the conditions to receive public credit for original findings.
In addition to satisfying the requirements of this Testing Policy, by using a Third-Party Tester to perform Security Tests of your Cloud Services, you agree to be responsible for the following:
Except as permitted by this Testing Policy or otherwise agreed to by Oracle in writing, You may not use any third party, or allow a Third-Party Tester you have engaged to use any third party, to conduct the Security Tests.
注:为免疑义,本网页所用以下术语专指以下含义: