[18230] in bugtraq
How to Contact Oracle with Security Vulnerabilities
daemon@ATHENA.MIT.EDU (Rajiv Sinha)
Wed Dec 20 17:04:25 2000
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="------------FABB679D3A94750F63EA2487"
Message-Id: <3A3FE361.17C075C7@oracle.com>
Date: Tue, 19 Dec 2000 16:38:25 -0600
Reply-To: Rajiv Sinha <rajiv.sinha@ORACLE.COM>
From: Rajiv Sinha <rajiv.sinha@ORACLE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
This is a multi-part message in MIME format.
--------------FABB679D3A94750F63EA2487
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
How to Contact Oracle with Security Vulnerabilities
Oracle sincerely regrets the difficulty that its user community - its
customers, partners and all other interested
parties - has recently had in notifying Oracle of security
vulnerabilities in its products and locating subsequent
patches for these vulnerabilities.
Oracle has taken the following corrective measures to facilitate
notification of security vulnerabilities and location of security patch
information. Oracle will post Security Alerts on Oracle Technology
Network at URL: otn.oracle.com/deploy/security/alerts.htm. (A Security
Alert contains a brief description of the vulnerability, the risk
associated with it, workarounds and patch availability.) This URL also
provides mechanisms for supported customers to directly submit a
perceived security vulnerability in the form of an iTAR (Technical
Assistance Request) to Oracle Worldwide Support Services. Those
individuals who are not supported customers but who wish to report a
vulnerability can directly email Oracle at SECALERT_US@ORACLE.COM with
the details of the security vulnerability.
Oracle believes that these mechanisms make maximum use of its existing
customer support services, yet allow
non-supported Oracle users and security-interested parties to contact
Oracle directly and swiftly with information about security
vulnerabilities.
Oracle proactively treats security issues with the highest priority and
reiterates that it is committed to providing
robust security in its products. Oracle wishes to thank its user
community for its patience and understanding and
appreciates cooperation in this collaborative endeavor.
--------------FABB679D3A94750F63EA2487
Content-Type: text/x-vcard; charset=UTF-8;
name="rajiv.sinha.vcf"
Content-Transfer-Encoding: 7bit
Content-Description: Card for Rajiv Sinha
Content-Disposition: attachment;
filename="rajiv.sinha.vcf"
begin:vcard
n:Sinha;Rajiv
tel;fax:650.633.0489
tel;home:650.347.5015
tel;work:650.506.0922
x-mozilla-html:TRUE
url:http://otn.oracle.com/deploy/security
org:Oracle Corporation;Security Product Management
version:2.1
email;internet:rajiv.sinha@oracle.com
title:Senior Product Manager
adr;quoted-printable:;;MS 4OP5=0D=0A500 Oracle Parkway;Redwood Shores;CA;94065;USA
x-mozilla-cpt:;-28896
fn:Rajiv Sinha
end:vcard
--------------FABB679D3A94750F63EA2487--
