Welcome, from Oracle's Security Program Management Team
By blogsadmin on Apr 17, 2006
Welcome to Oracle's security blog.
My name is John Heimann and I manage Oracle's Security Program Management team. My team participates in security initiatives across Oracle, helping to enforce our security policies as well as looking for opportunities to improve our software security assurance processes. These extensive processes have been built up over the 25 years Oracle has been delivering secure software and include secure coding and configuration standards, developer training classes on these standards, developer and QA tools to find security bugs, and secure deployment guidelines for customers. These processes are subject to regular review � by us, and by customers - where we focus on ways in which we can improve what we�re doing. I recently wrote a white paper that details many of the processes that are in place to help ensure the security of Oracle�s products. If you�re interested in learning more, you can read it here.
Our primary means of communication is our Web site, which contains information about Oracle�s secure development processes, what we call the Critical Patch Update, which is a quarterly patch that bundles all security patches across Oracle�s product, security related product information, and other security related information at Oracle.
My team, and other teams handling security, use email blasts for communicating important security events. MetaLink users get these automatically, and non-MetaLink users can sign up to receive emails relating to security via OTN by following the instructions here.
We will use this blog to highlight and discuss topics that are best served by the more informal and discussive medium that blogs provide. We'll be commenting on Oracle security news, making you aware of new security resources as they become available and keeping you up to date on our latest security initiatives.