node-oracledb/SECURITY.md

# Reporting security vulnerabilities

Oracle values the independent security research community and believes that
responsible disclosure of security vulnerabilities helps us ensure the security
and privacy of all our users.

Please do NOT raise a GitHub Issue to report a security vulnerability. If you
believe you have found a security vulnerability, please submit a report to
[secalert_us@oracle.com][1] preferably with a proof of concept. Please review
some additional information on [how to report security vulnerabilities to Oracle][2].
We encourage people who contact Oracle Security to use email encryption using
[our encryption key][3].

We ask that you do not use other channels or contact the project maintainers
directly.

Non-vulnerability related security issues including ideas for new or improved
security features are welcome on GitHub Issues.

## Security updates, alerts and bulletins

Security updates will be released on a regular cadence. Many of our projects
will typically release security fixes in conjunction with the
Oracle Critical Patch Update program. Additional
information, including past advisories, is available on our [security alerts][4]
page.

## Security-related information

We will provide security related information such as a threat model, considerations
for secure use, or any known security issues in our documentation. Please note
that labs and sample code are intended to demonstrate a concept and may not be
sufficiently hardened for production use.

[1]: mailto:secalert_us@oracle.com
[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
[3]: https://www.oracle.com/security-alerts/encryptionkey.html
[4]: https://www.oracle.com/security-alerts/
Update template text 2022-05-17 11:09:34 +08:00			`# Reporting security vulnerabilities`
Add a security policy file 2020-09-09 07:12:56 +08:00
Update template text 2022-05-17 11:09:34 +08:00			`Oracle values the independent security research community and believes that`
			`responsible disclosure of security vulnerabilities helps us ensure the security`
			`and privacy of all our users.`
Add a security policy file 2020-09-09 07:12:56 +08:00
Update template text 2022-05-17 11:09:34 +08:00			`Please do NOT raise a GitHub Issue to report a security vulnerability. If you`
			`believe you have found a security vulnerability, please submit a report to`
			`[secalert_us@oracle.com][1] preferably with a proof of concept. Please review`
			`some additional information on [how to report security vulnerabilities to Oracle][2].`
			`We encourage people who contact Oracle Security to use email encryption using`
			`[our encryption key][3].`
Update project doc 2020-11-29 06:40:07 +08:00
Update template text 2022-05-17 11:09:34 +08:00			`We ask that you do not use other channels or contact the project maintainers`
			`directly.`
Update project doc 2020-11-29 06:40:07 +08:00
Update template text 2022-05-17 11:09:34 +08:00			`Non-vulnerability related security issues including ideas for new or improved`
			`security features are welcome on GitHub Issues.`
Update project doc 2020-11-29 06:40:07 +08:00
Update template text 2022-05-17 11:09:34 +08:00			`## Security updates, alerts and bulletins`
Update project doc 2020-11-29 06:40:07 +08:00
Update template text 2022-05-17 11:09:34 +08:00			`Security updates will be released on a regular cadence. Many of our projects`
			`will typically release security fixes in conjunction with the`
Update the README and SECURITY files as per GitHub PR #1575 2023-06-27 21:21:33 +08:00			`Oracle Critical Patch Update program. Additional`
Update template text 2022-05-17 11:09:34 +08:00			`information, including past advisories, is available on our [security alerts][4]`
			`page.`

			`## Security-related information`

			`We will provide security related information such as a threat model, considerations`
			`for secure use, or any known security issues in our documentation. Please note`
			`that labs and sample code are intended to demonstrate a concept and may not be`
			`sufficiently hardened for production use.`

			`[1]: mailto:secalert_us@oracle.com`
			`[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html`
			`[3]: https://www.oracle.com/security-alerts/encryptionkey.html`
			`[4]: https://www.oracle.com/security-alerts/`