Slashdot Mirror


Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch

An anonymous reader writes "After the Department of Homeland Security's US-CERT warned users to disable Java to stop hackers from taking control of users' machines, Oracle issued an emergency patch on Sunday. However, HD Moore, chief security officer of Rapid7, said it could take two years for Oracle to fix all the security flaws in the version of Java used to surf the web; that timeframe doesn't count any additional Java exploits discovered in the future. 'The safest thing to do at this point is just assume that Java is always going to be vulnerable,' Moore said."

1 of 320 comments

  1. Re:Java used to be secure and sandboxed by ewibble · Score: 0, Offtopic

    I don't see how this scored 4 when the parent scores 2; it even states that the problem is slow response from Oracle.
    Nothing against you zero.kalvin, just the rating system seems a bit screwed.