Databases Reference
In-Depth Information
fies them of the problem, they can fix it and better support their customers.
If you find a vulnerability, you can report them to the following resources:
Oracle:
E-mail to SECALERT_US@ORACLE.COM
SQL Server:
https://s.microsoft.com/technet/security/bulletin/aler-
tus.aspx
DB2:
www-306.ibm.com/software/support/probsub.html
Oracle even went out of its way back in 2001 and posted the following
notice on many forums:
How to Contact Oracle with Security Vulnerabilities
Oracle sincerely regrets the difficulty that its user community—its
customers, partners and all other interested parties—has recently had
in notifying Oracle of security vulnerabilities in its products and
locating subsequent patches for these vulnerabilities.
Oracle has taken the following corrective measures to facilitate
notification of security vulnerabilities and location of security patch
information. Oracle will post Security Alerts on Oracle Technology
Network at URL: otn.oracle.com/deploy/security/alerts.htm. (A
Security Alert contains a brief description of the vulnerability, the
risk associated with it, workarounds and patch availability.) This
URL also provides mechanisms for supported customers to directly
submit a perceived security vulnerability in the form of an iTAR
(Technical Assistance Request) to Oracle Worldwide Support Ser-
vices. Those individuals who are not supported customers but who
wish to report a vulnerability can directly email Oracle at
SECALERT_US@ORACLE.COM with the details of the security
vulnerability.
Oracle believes that these mechanisms make maximum use of its
existing customer support services, yet allow non-supported Oracle
users and security-interested parties to contact Oracle directly and
swiftly with information about security vulnerabilities.
Oracle proactively treats security issues with the highest priority
and reiterates that it is committed to providing robust security in its
products. Oracle wishes to thank its user community for its
patience and understanding and appreciates cooperation in this col-
laborative endeavor.
Search WWH ::
Custom Search