Overview

As organizations worldwide increasingly rely on software controls to protect their computing environments and data both in the cloud and on premises, software security assurance grows in importance. The potential costs associated with security incidents, the emergence of increasingly complex regulations, and the continued operational costs associated with staying up to date with security patches all require that organizations give careful consideration to how they approach software security and assess the security assurance practices of their technology suppliers.

Oracle Software Security Assurance

Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance (OSSA) is Oracle’s methodology for building security into the design, build, testing, and maintenance of its products, whether they are used on-premises by customers, or delivered through Oracle Cloud. Oracle’s goal is to ensure that Oracle’s products help customers meet their security requirements while providing for the most cost-effective ownership experience.

Oracle Software Security Assurance is a set of industry-leading standards, technologies, and practices aimed at:

• Fostering security innovations. Oracle has a long tradition of security innovations. Today this legacy continues with solutions that help organizations implement and manage consistent security controls across the technical environments in which they operate, on-premises and in the clouds.

• Reducing the incidence of security weaknesses in all Oracle products. Oracle Software Security Assurance key programs include Oracle’s Secure Coding Standards, mandatory security training for development, the cultivation of security leaders within development groups, and the use of automated analysis and testing tools.

• Reducing the impact of security weaknesses in released products on customers. Oracle has adopted transparent security vulnerability disclosure and remediation policies. The company is committed to treating all customers equally, and delivering the best possible security patching experience through the Critical Patch Update and Security Alert programs.