Forum Stats

  • 3,733,845 Users
  • 2,246,829 Discussions
  • 7,856,892 Comments

Discussions

How to Report Security Vulnerability as Security Researcher in Oracle

User_OUSHB
User_OUSHB Member Posts: 2 Green Ribbon

I have submitted a vulnerability Report on [email protected] since 3-4 days ago. but mail is not even opened. Please suggest me any further way to reach out and report.

Thanks

Answers

  • Billy Verreynne
    Billy Verreynne Member Posts: 28,263 Red Diamond

    This is a public community/volunteer forum - not a channel that should be used for communicating officially with Oracle the organisation.

    Also, most so-called security vulnerability reports are not security vulnerabilities.

    As for the speed of response, this is largely based on the quality, technical details, and test cases, of the report.

    As for mail-not-even-opened, that only shows ignorance about MIME headers in e-mails and the security risks of automated responses by mail server and/or mail client based on what the headers contain from an unknown party.

  • User_OUSHB
    User_OUSHB Member Posts: 2 Green Ribbon

    Thanks @Billy Verreynne for your response.

    It also shows the security concern by Oracle Team! Btw Thanks

  • Michael Ferrante-Oracle
    Michael Ferrante-Oracle Senior Principal Product Manager USMember Posts: 6,627 Employee

    As a general statement, once you report an issue very limited feedback will be provided. This is intentional. We appreciate you reporting the issue, but for a variety of reasons we cannot share details regarding the investigation.

    More details can be found here:

    https://www.oracle.com/corporate/security-practices/assurance/

    You can also report issues through Support, however the process is basically the same. So if you are expecting up to the minute feedback, you won't get it.

Sign In or Register to comment.