Organizations worldwide rely on software controls to protect their computing environments and data both in the cloud and on premises. The aim of software security assurance is to produce software that operates at a level of security appropriate for its intended purpose and surrounding threat environment. The importance of data protection, increasingly complex regulations, and the operational costs associated with maintaining an appropriate security posture all require that organizations give careful consideration to how they approach software security and assess the security assurance practices of their technology suppliers.
Encompassing every phase of the product development lifecycle, Oracle Software Security Assurance (OSSA) is Oracle’s methodology for building security into the design, build, testing, and maintenance of its products, whether they are used on-premises by customers, or delivered through Oracle Cloud. Oracle’s goal is to ensure that Oracle’s products help customers meet their security requirements while providing for the most cost-effective ownership experience.
Oracle Software Security Assurance is a set of industry-leading standards, technologies, and practices aimed at:
• Fostering security innovations. Oracle has a long tradition of security innovations. Today this legacy continues with solutions that help organizations implement and manage consistent security controls across the technical environments in which they operate, on-premises and in the clouds.
• Reducing the incidence of security weaknesses in all Oracle products. Oracle Software Security Assurance key programs include Oracle’s Secure Coding Standards, mandatory security training for development, the cultivation of security leaders within development groups, and the use of automated analysis and testing tools.
• Reducing the impact of security weaknesses in released products on customers. Oracle has adopted transparent security vulnerability disclosure and remediation policies. The company is committed to treating all customers equally, and delivering the best possible security patching experience through the Critical Patch Update and Security Alert programs.