Global Product Security

Overview

Oracle’s goal is to ensure that Oracle's products, and the systems that leverage those products, remain as secure as possible. Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance is Oracle's methodology for building security into the design, build, testing, and maintenance of its products.

Under the leadership of Oracle’s Chief Security Officer, Global Product Security promotes the use of Oracle Software Security Assurance standards throughout Oracle, acts as a central resource to help development teams improve the security of their products, and handles specialized security functions.

The Oracle Secure Development Community

The Oracle software technology stack is diverse. Development organizations retain the ownership of the code they developed by maintaining specialized security resources with deep knowledge of the security architecture of their products.

In order to foster this security community within Oracle, Global Product Security has implemented formal programs for the training of security personnel and has dedicated staff supporting the security community across development. This dotted-line approach enables a strong security expertise to be present throughout each development organization, and promotes the timely adaptation to security trends in these organizations.

Security Leads

Security Leads are individuals responsible for the adoption of Oracle Software Security Assurance policies and practices within their respective business units.

Security Points of Contact

Assigned by their respective Security Lead, Security Points of Contact (SPOCs) are responsible for the tactical implementation of Oracle Software Security Assurance at the product level.

Size of the Secure Development Community as of 09/2018

Security Leads 56
Security Points of Contact 1,711