To satisfy the requirement of threat and vulnerability management, Oracle uses QualysGuard from Qualys to discover and scan Oracle Enterprise Performance Management Cloud IT infrastructure and applications for security vulnerabilities and malware. QualysGuard delivers security intelligence data that aids with Oracle's security compliance processes.
Use of QualysGuard ensure that internet-facing servers, websites, and web applications are up to date and securely configured against malicious attacks. It also helps ensure that no uploaded malware exists in blogs and forum pages, and that web forms do not include potential hacking risks.
To prevent risks to our customers, Oracle does not provide additional information about the specifics of vulnerabilities beyond what is provided in the penetration test summaries. Oracle provides its customers with the same information to protect all customers equally. Oracle does not provide advance notification to individual customers. Finally, Oracle does not develop or distribute active exploit code (or proof of concept code) for vulnerabilities in our products. See Oracle Security Vulnerability Disclosure Policies.