Cloud environments are partially managed by the cloud service provider. Cloud services also leverage technical resources that are shared by different cloud customers. These limitations are intended to help reduce distractions that could compromise our security teams’ ability to monitor the cloud environment and reduce risks for other tenants in the same Oracle Cloud environment.
Oracle has various contractual and legal obligations for the security of the Oracle Cloud Services. For example, in compliance with its legal obligations, Oracle will not allow testing by organizations or individuals under embargo. In addition, Oracle values the contribution of the security research community and has established working procedures with various security organizations to enable an effective sharing of information.
If the Security Testing in the Oracle Cloud Services is not performed directly by the customers, Oracle requires that customers use a security tester identified in the “List of Security Testers for Oracle Cloud”. Except as permitted by the Oracle Customer Security Testing Policy or otherwise agreed to by Oracle in writing, customers may not use any third party, or allow a Third-Party Tester you have engaged to conduct the Security Tests.
Oracle does not maintain an open bug bounty program at this time.
See the Oracle Cloud page on this site.
If you have questions that have not been addressed on this site. you should contact your account representative or Oracle Support through the support mechanism associated with the product you intend to test.
The purpose of functional testing is to validate features of Oracle Cloud services to assess whether they meet particular functional requirements or specifications. This is often referred to as black-box testing, regression testing, or unit testing whereby functionality of the application is assessed without the need to scrutinize internal structures or source code.
You are allowed to perform limited functional testing of Oracle Cloud services: