OUGN Vårseminar 2013

The public face of Oracle’s product security is its quarterly security patches or Critical Patch Updates and the occasional Security Alert that fix vulnerabilities that are being actively exploited “in the wild”.  As well as reviewing Oracle's product vulnerability handling practices, this presentation will explain the core elements and challenges of the less public but broader and more important Oracle Software Security Assurance program including:

• Secure development processes and practices, and the foundation on which they're built, Oracle's Secure Coding and Development Standards that include lessons learned from past experiences
• Comprehensive security analysis and testing
• Secure configurations with guides and utilities to identify deviation from known secure states
• Independent product security testing evaluations and validations
• Building a decentralised, delegated, internal security community
• Applying security bar-raising changes
• Introducing cultural and process change to new product acquisitions