- 3,733,845 Users
- 2,246,829 Discussions
- 7,856,892 Comments
Forum Stats
Discussions
Howdy, Stranger!
Categories
- 380.9K All Categories
- 2.1K Data
- 203 Big Data Appliance
- 1.9K Data Science
- 446.1K Databases
- 220.4K General Database Discussions
- 3.7K Java and JavaScript in the Database
- 22 Multilingual Engine
- 506 MySQL Community Space
- 459 NoSQL Database
- 7.7K Oracle Database Express Edition (XE)
- 2.8K ORDS, SODA & JSON in the Database
- 438 SQLcl
- 3.9K SQL Developer Data Modeler
- 185.4K SQL & PL/SQL
- 20.8K SQL Developer
- 291.3K Development
- 6 Developer Projects
- 117 Programming Languages
- 288K Development Tools
- 96 DevOps
- 3K QA/Testing
- 645.2K Java
- 18 Java Learning Subscription
- 36.9K Database Connectivity
- 148 Java Community Process
- 104 Java 25
- 22.1K Java APIs
- 137.7K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 12 Java Essentials
- 138 Java 8 Questions
- 85.9K Java Programming
- 79 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.2K Java SE
- 13.8K Java Security
- 195 Java User Groups
- 22 JavaScript - Nashorn
- Programs
- 179 LiveLabs
- 34 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 165 Deutsche Oracle Community
- 1.2K Español
- 1.9K Japanese
- 225 Portuguese
How to Report Security Vulnerability as Security Researcher in Oracle
I have submitted a vulnerability Report on [email protected] since 3-4 days ago. but mail is not even opened. Please suggest me any further way to reach out and report.
Thanks
Answers
-
This is a public community/volunteer forum - not a channel that should be used for communicating officially with Oracle the organisation.
Also, most so-called security vulnerability reports are not security vulnerabilities.
As for the speed of response, this is largely based on the quality, technical details, and test cases, of the report.
As for mail-not-even-opened, that only shows ignorance about MIME headers in e-mails and the security risks of automated responses by mail server and/or mail client based on what the headers contain from an unknown party.
-
Thanks @Billy Verreynne for your response.
It also shows the security concern by Oracle Team! Btw Thanks
-
As a general statement, once you report an issue very limited feedback will be provided. This is intentional. We appreciate you reporting the issue, but for a variety of reasons we cannot share details regarding the investigation.
More details can be found here:
https://www.oracle.com/corporate/security-practices/assurance/
You can also report issues through Support, however the process is basically the same. So if you are expecting up to the minute feedback, you won't get it.
