Beset by some very public vulnerabilities in Java, and apparently unable to properly patch those bugs, Oracle must dramatically step up its security game, experts said this week.
“Oracle should just take a mulligan and redesign Java before everyone completely loses faith in it, and those concerns leak over onto every Oracle product,” said Andrew Storms, director of security operations at nCircle Security, in an email.
Storms and others were reacting to the latest “zero-day” vulnerability in Java’s browser plug-in, a flaw spotted two weeks ago being exploited by several crimeware kits. Oracle patched the bug on Jan. 13, but researchers quickly pointed out that the patch itself was flawed.
Even after Oracle patched the vulnerability, the U.S. Computer Emergency Readiness Team (US-CERT), part of the U.S. Department of Homeland Security, took the highly unusual step of continuing to urge users to disable Java in their browsers, citing “the number and severity of this and prior Java vulnerabilities” as its reason.
To read this article in full or to leave a comment, please click here
Source: http://www.computerworld.com/s/article/9235997/Experts_prod_Oracle_to_fix_broken_Java_security
SYNTEL SYNTAXBRILLIAN SYNOPSYS SYNNEX SYMANTEC SYKES ENTERPRISES INORATED SYBASE
No comments:
Post a Comment