The following principles are fundamental to using any application securely:

• Keep software up-to-date. Upgrade to the latest Service Catalog and Design product release and apply all appropriate patches.

• Limit privileges. Give users only as much access as necessary to perform their work. Review user privileges periodically to determine relevance to current work requirements.

• Monitor system activity. Establish access and frequency rules for system components and monitor those components.

• Install software securely. Use firewalls, secure protocols such as SSL, and secure passwords.

• Learn and use the Design Studio security features. Enforce user authorization, establish desktop lock policies, and employ source control.

• Use secure development practices. Leverage Service Catalog and Design security functionality.

• Stay informed. Read all security alerts and promptly install all security patches. See "Critical Patch Updates and Security Alerts" here:

  https://www.oracle.com/security-alerts/

Security for Service Catalog and Design focuses on a few key areas:

• Limiting use of Design Studio to authorized users

• Controlling access to cartridge management functions

• Protecting cartridge designs

• Preventing run-time cartridge archive tampering

The remaining sections in this document address each of these security considerations.