Polish Researcher: Oracle Knew For Months About Java Zero-Day

dutchwhizzman writes "Polish security researcher Adam Gowdiak submitted bug reports months ago for the current Java 7 zero-day exploit that's wreaking havoc all over the Internet. It seems that Oracle can't — or won't? — take such reports seriously. Is it really time to ditch Oracle's Java and go for an open source VM?"

Re:Why are people still using this?

[binarylarry]

You sound like someone who shouldn't be giving technical advice.

C/C++ has advantages over Java, just like Java has advantages over C/C++

Saying you should use one over the other for every purpose is foolhardy.

Ask Toolbar Really ?

This is the programming language that still bundles the "Ask Toolbar" crapware with their installer. Nuff said.

Re:Ditch Java entirely.

[characterZer0]

Ditch Java applets entirely.

Re:No

[X0563511]

The real problem here is the quarterly patch cycle that seems to ignore the severity of security bugs. If you want to do a quarterly cycle that's fine - but you need to make exceptions for security bugs.

As a former Oracle dev

[juancn]

Oracle is a huge organisation. I mean mindbogglingly huge (think planet Vogon). There is a lot of red tape that you have to cut to get anything done, and in 4 months they're probably still scheduling meetings to figure out if it should be fixed, and when, and by whom.

Unless an SVP gets involved, it's unlikely that it will be rushed.

Re:As a former Oracle dev

[NettiWelho]

Perhaps they should, you know, have a department dedicated to handling these kinds of things in a timely manner then?