Oracle reveals plans for Java security improvements

Discussion in 'other security issues & news' started by ronjor, Jun 1, 2013.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    https://www.infoworld.com/d/security/oracle-reveals-plans-java-security-improvements-219744
     
  2. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,802
    Location:
    Texas
    From the article.
    So, we shall see.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Mixed Reviews on Oracle’s Java Security Update:
    http://threatpost.com/mixed-reviews-on-oracles-java-security-update/
     
  5. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    :cautious: Keywords being: :cautious:
    @ Oracle - the proof is in the pudding, throw your third party bundlers out.
    Read your actual code before you release it - perhaps have Google give it a read.
    Minimize the amount of MSCONFIG items the software creates! Remove the phone-home tools - or - show some transparency and clearly show an opt-out.

    Software phoning home every day, every thirty minutes or at every start-up is no longer a de facto "in-thing". Perhaps your Marketing department is as bloated and flawed as your software.

    I do not support businesses that employ your software as it is a bridge for additional exploits.
     
    Last edited: Jun 2, 2013
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Not good enough, Oracle - promises to secure Java are too little, too late:
    http://nakedsecurity.sophos.com/2013/06/03/oracle-promises-secure-java/
     
  7. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  8. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  9. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Oracle Addresses Java’s Symptoms, But Doesn’t Cure Sickness:
    http://threatpost.com/oracle-addresses-javas-symptoms-but-doesnt-cure-sickness/
     
  10. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
  11. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,718
    Java used to be seen as one of the more secure/safer programming/development languages. Unfortunately...

    Source: What the latest Java flaw really means

    There's also this: Why is Java labeled as a secure language

    As much as I and most others hate the slow response and constant security problems, I think we need to be fair to Oracle: Java is a prime target now. Imagine you are in their shoes: "your" program is constantly under attack and "you" need to ensure compatibility of sorts for enterprise use. Patching and/or redesigning the architecture without breaking things would be very hard and take time. It wouldn't be an overnight process.

    It's easy to bash them but I'll give Oracle the benefit of the doubt. I honestly hope they manage to come up with something that improves the situation. Quarterly release IMO is nuts; monthly or 6 weeks sounds like a better compromise to me.

    Meanwhile, here's a good article:
    Dealing with Java 7 vulnerabilities
     