1 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

2 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

The following is intended to outline our general product direction. It is intended for information purposes only, and may not be incorporated into any contract. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making purchasing decisions. The development, release, and timing of any features or functionality described for Oracle’s products remains at the sole discretion of Oracle.

3 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

Who are we?

• Applications Product Security– Eric Bing– Erik Graversen– Robert Armstrong

4 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

What do we do?

• External– Secure Configuration– Security Certifications (DB Vault, TDE, ASO, Masking…)– Security vulnerabilities and Critical Patch Updates

• Internal– Coordinate the Oracle Software Security Assurance Program

(OSSA)

5 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

Q&A

6 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

What’s New – Secure ConfigurationSecurity Related News

• New Secure Config Guides (11i - 189367.1 , 12 - 403537.1)– Stricter Profile Option Settings [FND_%VALIDATION] (11.5.10.2+)

(Note 946372.1)– Non-Reversible password hashing for FND_USERs– AFPASSWD is a FNDCPASS replacement (12.1.3)– AdminDesktop Utility– DO3475 “PUBLIC Grants on Restricted Packages”

• Certified with Transparent Data Encryption (Col & TS)

7 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.

What’s New – Separation of DutiesSecurity Related News

• Sensitive Administrator Functionality (Note 1334930.1)

• Using E-Business Suite Plug-In (ACP) for SOD during patching (Note 1363260.1)

• Start/Stop CM without Apps password (12.1.3)

• Certified with Database Vault

8 Copyright © 2011, Oracle and/or its affiliates. All rights reserved.