From 7d4c30a8081eb34c1064d01d0230bdb672e168bf Mon Sep 17 00:00:00 2001 From: Lesia Chaban Date: Mon, 30 Jun 2025 14:47:00 +0300 Subject: [PATCH 1/3] Docs updates according to OGHO requirements According to OGHO requirements all Oracle GitHub Enterprise repos should have SECURITY.md, LICENSE.txt, CONTRIBUTING.md and README.md files. This PR adds SECURITY.md file (recommended by Global Product Security Team) to the repo, references to SECURITY.md and CONTRIBUTING.md files to the README.md. Signed-off-by: Lesia Chaban --- SECURITY.md | 38 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100644 SECURITY.md diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000..2ca8102 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,38 @@ +# Reporting security vulnerabilities + +Oracle values the independent security research community and believes that +responsible disclosure of security vulnerabilities helps us ensure the security +and privacy of all our users. + +Please do NOT raise a GitHub Issue to report a security vulnerability. If you +believe you have found a security vulnerability, please submit a report to +[secalert_us@oracle.com][1] preferably with a proof of concept. Please review +some additional information on [how to report security vulnerabilities to Oracle][2]. +We encourage people who contact Oracle Security to use email encryption using +[our encryption key][3]. + +We ask that you do not use other channels or contact the project maintainers +directly. + +Non-vulnerability related security issues including ideas for new or improved +security features are welcome on GitHub Issues. + +## Security updates, alerts and bulletins + +Security updates will be released on a regular cadence. Many of our projects +will typically release security fixes in conjunction with the +Oracle Critical Patch Update program. Additional +information, including past advisories, is available on our [security alerts][4] +page. + +## Security-related information + +We will provide security related information such as a threat model, considerations +for secure use, or any known security issues in our documentation. Please note +that labs and sample code are intended to demonstrate a concept and may not be +sufficiently hardened for production use. + +[1]: mailto:secalert_us@oracle.com +[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html +[3]: https://www.oracle.com/security-alerts/encryptionkey.html +[4]: https://www.oracle.com/security-alerts/ From 42103637c0c2707ecd93770201ae06f3d482318e Mon Sep 17 00:00:00 2001 From: Lesia Chaban Date: Mon, 30 Jun 2025 14:47:29 +0300 Subject: [PATCH 2/3] Rename LICENSE to LICENSE.txt 
Signed-off-by: Lesia Chaban --- LICENSE => LICENSE.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename LICENSE => LICENSE.txt (99%) diff --git a/LICENSE b/LICENSE.txt similarity index 99% rename from LICENSE rename to LICENSE.txt index 8645e02..851252c 100644 --- a/LICENSE +++ b/LICENSE.txt @@ -32,4 +32,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. \ No newline at end of file +SOFTWARE. From f672da398b90ebf33a54cf4875a8864318db4c5e Mon Sep 17 00:00:00 2001 From: Lesia Chaban Date: Mon, 30 Jun 2025 14:48:17 +0300 Subject: [PATCH 3/3] Update README.md Signed-off-by: Lesia Chaban --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index bd9cd7d..eae7b43 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,10 @@ See [./deploy](./deploy/README.md) This project welcomes contributions from the community. Before submitting a pull request, see [CONTRIBUTING](./CONTRIBUTING.md) for details. +## Security + +Please consult the [security guide](./SECURITY.md) for our responsible security vulnerability disclosure process + ## License Copyright (c) 2021, 2022 Oracle and/or its affiliates.
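Review bot: In the SECURITY.md hunk (patch 1/3), the "Security-related information" paragraph promises "a threat model, considerations for secure use, or any known security issues in our documentation" but gives no link or path, so a reader of this repository cannot tell where that material lives or whether it exists yet. Point the sentence at the repo's actual documentation location, or reword it so it does not imply content that is missing. Two smaller points in the same hunk: "security related information" and "Non-vulnerability related" should be hyphenated to match the heading "Security-related information", and the "Oracle Critical Patch Update program" is the only named resource left without a reference link while the four others have one. The commit message for 1/3 also describes README changes that are not in this patch; they arrive in 3/3.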
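Review bot: The rename in patch 2/3 (`LICENSE` to `LICENSE.txt`) is not accompanied by any update to references to the old path; none of the three patches touches a file that mentions `LICENSE`, and the README hunk in 3/3 shows the `## License` section only as unchanged context. Search the repository for the old file name (README links, packaging or build metadata, source file headers) and fix any hits in this same commit so the tree is never left with a dangling license reference. The hunk also changes content (it adds the missing newline after `SOFTWARE.`), which is why similarity is 99%; say so in the commit message, since the subject currently describes a pure rename.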
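Review bot: In the README.md hunk (patch 3/3), the added sentence under `## Security` ends at "disclosure process" with no full stop, unlike the sentence in the Contributing section just above it; add the period. The commit subject "Update README.md" does not say what changed, while the description of this change sits in the message of 1/3; move it here, for example "README: link to SECURITY.md". Separately, the unchanged context line "Copyright (c) 2021, 2022 Oracle and/or its affiliates." is left as is by a series dated 2025; confirm whether the year range needs to be brought up to date as part of this documentation pass.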