Secure Product Engineering

Oracle builds secure software through a rigorous set of formal, always evolving security standards, and practices known as Oracle Software Security Assurance (OSSA). OSSA encompasses every phase of the product development lifecycle.

You can find more information about OSSA at: https://www.oracle.com/corporate/security-practices/assurance/.

The cornerstones of OSSA are Secure Coding Standards and Security Analysis and Testing.

Secure Coding Standards include both general use cases and language specific security practices. You can find more information about these practices at: Coding Standards.

Security analysis and testing includes product specific functional security testing and both static and dynamic analysis of the code base. Static analysis is performed using tools including both internal Oracle tools and Fortify. Dynamic analysis focuses on APIs and endpoints using techniques like fuzzing to test interfaces and protocols. You can find more information at: Oracle Corporate Security Practices.

Specific security details of Oracle Hospitality Nor1 Cloud Services are addressed in detail later in this document.