Oracle Responds To Java Security Critics With Massive 50 Flaw Patch Update
darthcamaro writes "Oracle has been slammed a lot in recent months about its lackluster handling of Java security. Now Oracle is responding as strongly as it can with one of the largest Java security updates in history. 50 flaws in total with the vast majority carrying the highest-possible CVSS score of 10."
The knee-jerk reaction of getting the patches for Java out now following public criticism is not going to make up for their previous apparent disinterest in supporting the platform. The damage they have done to the reputation of Java is incalculable, and I for one as a C++ programmer thank them for it!
I'm not sure how I feel about this:
1. Good. It's awesome that Oracle are finally taking notice of Java security issues and doing something positive.
2. Bad. That's a lot of CVSS2.0 score 10 bugs they've been letting slide.
3. Confused. How many more are there?
Oracle's behavior isn't really making me want to go out and seek other Oracle products. And fuck, if I can't escape this piece of software at work.
Two good points, and the latter is why Oracle doesn't care about the former.
"First they came for the slanderers and I said nothing."
You forget the place that Java has had the most success: Enterprise computing.
I'll agree that the sum total of the Java Plugin + JDK Libraries + JVM provides too much opportunity to attack on the desktop / web app space. There are simply too many flaws in the plugin and libraries. The JVM itself, though, is very solid (fewer than 10 major flaws over 15 years).
However, Java as a middleware platform is simply far better than any of the alternatives, and that's where I expect it to remain. Insulated from the types of attacks that render Java dangerous on the desktop, middleware app servers play directly to Java's big strengths: speed, ease of development, and massive library support, plus a framework which helps discourage the types of coding flaws that hurt middleware computing the most. Java will likely remain king of middleware for a long time, and deservedly so.
On the desktop or as a downloadable app, well, yes, Java is simply never going to measure up to the better cross-platform alternatives.
-Erik
There are always four sides to every story: your side, their side, the truth, and what really happened.