oracle
diff --git a/‎ OWNERS ‎
Lines changed: 0 additions & 11 deletions b/‎ OWNERS ‎
Lines changed: 0 additions & 11 deletions
diff --git a/‎OWNERS_ALIASES‎
Lines changed: 0 additions & 25 deletions b/‎OWNERS_ALIASES‎
Lines changed: 0 additions & 25 deletions
diff --git a/‎RELEASE.md‎
Lines changed: 0 additions & 9 deletions b/‎RELEASE.md‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎SECURITY.md‎
Lines changed: 40 additions & 22 deletions b/‎SECURITY.md‎
Lines changed: 40 additions & 22 deletions
diff --git a/‎SECURITY_CONTACTS‎
Lines changed: 0 additions & 14 deletions b/‎SECURITY_CONTACTS‎
Lines changed: 0 additions & 14 deletions
diff --git a/‎code-of-conduct.md‎
Lines changed: 0 additions & 3 deletions b/‎code-of-conduct.md‎
Lines changed: 0 additions & 3 deletions
@@ -1,22 +1,40 @@
-# Security Policy
-
-## Security Announcements
-
-Join the [kubernetes-security-announce] group for security and vulnerability announcements.
-
-You can also subscribe to an RSS feed of the above using [this link][kubernetes-security-announce-rss].
-
-## Reporting a Vulnerability
-
-Instructions for reporting a vulnerability can be found on the
-[Kubernetes Security and Disclosure Information] page.
-
-## Supported Versions
-
-Information about supported Kubernetes versions can be found on the
-[Kubernetes version and version skew support policy] page on the Kubernetes website.
-
-[kubernetes-security-announce]: https://groups.google.com/forum/#!forum/kubernetes-security-announce
-[kubernetes-security-announce-rss]: https://groups.google.com/forum/feed/kubernetes-security-announce/msgs/rss_v2_0.xml?num=50
-[Kubernetes version and version skew support policy]: https://kubernetes.io/docs/setup/release/version-skew-policy/#supported-versions
-[Kubernetes Security and Disclosure Information]: https://kubernetes.io/docs/reference/issues-security/security/#report-a-vulnerability
+# Reporting security vulnerabilities
+
+Oracle values the independent security research community and believes that
+responsible disclosure of security vulnerabilities helps us ensure the security
+and privacy of all our users.
+
+Please do NOT raise a GitHub Issue to report a security vulnerability. If you
+believe you have found a security vulnerability, please submit a report to
+[[email protected]][1] preferably with a proof of concept. Please review
+some additional information on [how to report security vulnerabilities to Oracle][2].
+We encourage people who contact Oracle Security to use email encryption using
+[our encryption key][3].
+
+We ask that you do not use other channels or contact the project maintainers
+directly.
+
+Non-vulnerability related security issues including ideas for new or improved
+security features are welcome on GitHub Issues.
+
+## Security updates, alerts and bulletins
+
+Security updates will be released on a regular cadence. Many of our projects
+will typically release security fixes in conjunction with the
+[Oracle Critical Patch Update][3] program. Security updates are released on the
+Tuesday closest to the 17th day of January, April, July and October. A pre-release
+announcement will be published on the Thursday preceding each release. Additional
+information, including past advisories, is available on our [security alerts][4]
+page.
+
+## Security-related information
+
+We will provide security related information such as a threat model, considerations
+for secure use, or any known security issues in our documentation. Please note
+that labs and sample code are intended to demonstrate a concept and may not be
+sufficiently hardened for production use.
+
+[1]: mailto:[email protected]
+[2]: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
+[3]: https://www.oracle.com/security-alerts/encryptionkey.html
+[4]: https://www.oracle.com/security-alerts/