An Oracle blog about PeopleSoft Technology

Security Testing and Defect Discovery

Greg Kelly
Product Strategy Director - Security
We are often asked, particularly in conversations with customers, if we do vulnerability, or penetration, testing with PeopleSoft and if we discuss the tools we use, or the external testing agencies.

The short answer is: Yes, we do vulnerability testing, as part of the release cycle; and no, we don't discuss the testing results, for security reasons. Product development adheres to Oracle's internal secure coding standards and practices.

This topic is timely, since the quarterly Critical Patch Update is due for release this month.

Since we are all merely standing on the shoulders of giants, I thought it would be useful to refer to a couple of great posts on the Oracle Global Product Security blog.

Oracle Software Security Assurance update (by Eric Maurice)


"... one of Oracle's highest priorities is the security of our customers. With Oracle Software Security Assurance, our objectives, policies, procedures, and people are all aligned with the intent of providing customers with the strongest security in all of our products."

Security Defect Testing (by Darius Wiles)


"... The increasing use of automated tools by Oracle is having an impact on the proportion of security defects that are discovered internally versus those reported by external sources. For reporting and tracking purposes, we categorize security defects into groups based on who found them, namely internal, customer and external."

Oracle Software Security Assurance


"... Oracle Software Security Assurance program ensures that Oracle products meet or exceed customers' security requirements, while also providing for the most cost-effective ownership experience."

All the links above are on oracle.com and none requires a separate login.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.