github.com/verrazzano/verrazzano@v1.7.0/SECURITY.md (about)

     1  # Reporting Security Vulnerabilities
     2  
     3  Oracle values the independent security research community and believes that responsible disclosure of security vulnerabilities helps us ensure the security and privacy of all our users.
     4  
     5  Please do NOT raise a GitHub Issue to report a security vulnerability. If you believe you have found a security vulnerability, please submit a report to secalert_us@oracle.com preferably with a proof of concept. We provide
     6  additional information on [how to report security vulnerabilities to Oracle](https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html) which includes public encryption keys for secure email.
     7  
     8  We ask that you do not use other channels or contact project contributors directly.
     9  
    10  Non-vulnerability related security issues such as great new ideas for security features are welcome on GitHub Issues.
    11  
    12  ## Security Updates, Alerts and Bulletins
    13  
    14  Security updates will be released on a regular cadence. Many of our projects will typically release security fixes in conjunction with the [Oracle Critical Patch Update](https://www.oracle.com/security-alerts/) program. Security
    15  updates are released on the Tuesday closest to the 17th day of January, April, July and October. A pre-release announcement will be published on the Thursday preceding each release. Additional information, including past
    16  advisories, is available on our [Security Alerts](https://www.oracle.com/security-alerts/) page.
    17  
    18  ## Security-Related Information
    19  
    20  We will provide security related information such as a threat model, considerations for secure use, or any known security issues in our documentation. Please note that labs and sample code are intended to demonstrate a concept and
    21  may not be sufficiently hardened for production use.