Threat and Vulnerability Management

To satisfy the requirement of threat and vulnerability management, Oracle uses QualysGuard from Qualys to discover and scan the IT infrastructure and Oracle Fusion Cloud Enterprise Performance Management and Oracle Enterprise Data Management Cloud applications for security vulnerabilities and malware. QualysGuard delivers security intelligence data that aids with Oracle's security compliance processes.

Use of QualysGuard ensure that internet-facing servers, websites, and web applications are up to date and securely configured against malicious attacks. It also helps ensure that no uploaded malware exists in blogs and forum pages, and that web forms do not include potential hacking risks.

To prevent risks to our customers, Oracle does not provide additional information about the specifics of vulnerabilities beyond what is provided in the penetration test summaries. Oracle provides its customers with the same information to protect all customers equally. Oracle does not provide advance notification to individual customers. Finally, Oracle does not develop or distribute active exploit code (or proof of concept code) for vulnerabilities in our products. See Oracle Security Vulnerability Disclosure Policies.