Security Expert Says Java Vulnerability Could Take Years To Fix, Despite Patch

Posted by samzenpus on Monday January 14, 2013 @05:25AM from the long-road-coming dept.

An anonymous reader writes "After the Department of Homeland Security's US-CERT warned users to disable Java to stop hackers from taking control of users' machines, Oracle issued an emergency patch on Sunday. However, HD Moore, chief security officer of Rapid7, said it could take two years for Oracle to fix all the security flaws in the version of Java used to surf the web; that timeframe doesn't count any additional Java exploits discovered in the future. 'The safest thing to do at this point is just assume that Java is always going to be vulnerable,' Moore said."

1 of 320 comments (clear)

Min score:

Reason:

Sort:

Re:Applies to all outside software by sfm · 2013-01-14 06:01 · Score: -1, Troll

Trying to use 'todays' internet with Java disabled is not a viable option. A realistic estimate is that over 70% of all common websites require Java to function correctly.
It is unfortunate that so many web developers use Java in places where it just isn't required. While I agree that Java Script does provide needed functionality in some situations, that is not the case in many (most) applications.
If this latest SNAFU gets developers to rethink using Java (or any similar tool), it may actually be a benefit to the web.