github.com/verrazzano/verrazzano-monitoring-operator@v0.0.30/SECURITY.md (about)

     1  # Reporting Security Vulnerabilities
     2  
     3  Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
     4  
     5  Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email.
     6  
     7  We ask that you do not use other channels or contact project contributors directly. 
     8  
     9  Non-vulnerability related security issues such as new great new ideas for security features are welcome on GitHub Issues. 
    10  
    11  ## Security Updates, Alerts and Bulletins
    12  
    13  Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page.
    14  
    15  ## Security-Related Information
    16  
    17  We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and may not be sufficiently hardened for production use.
    18