Oracle Fixes Java Vulnerability Used By Russian Cyberspies (itworld.com)
itwbennett writes: Oracle said that it has fixed 154 security flaws in Java and a wide range of its other products, including one that Russian cyberespionage group Pawn Storm used to launch stealthy attacks earlier this year. The vulnerability, tracked as CVE-2015-4902, was being used by the Pawn Storm attackers to enable the execution of a malicious Java application without user interaction.
Every software company would go out of business. How many non-embedded, non-life critical developers here check every mathematical operation for under- or overflows? How many computer systems are hardened against a random bit flip? And how would the world react to the sudden and massive increase in unemployment as all employees of those companies lose their jobs?
It'll never happen. Consumers don't care about buggy software and non-buggy software is too difficult to code. Perfect code can fail on bad hardware too.
I wonder how many of these security flaw bugs would happen if we made companies actually legally responsible for the flaws in them?
A lot fewer. Oracle fixed 154 security issues here, which means they are going through their code looking for them.
They should have done that a long time ago.
"First they came for the slanderers and I said nothing."
That's because we don't really hire software "engineers". We hire "hackers" in the literal sense of the term - people who hack and slash with crude brute force to just "Git 'R Dun!" as fast and as cheap as we can. It's like furnishing a house and all your furniture was made by the side of the road by a guy with a chain saw. No sanding, no gloss, no detail work, no mortise-and-tenon or complex joinery, just 10-penny nails and lots of splinters.
Or maybe a better analogy is particle board. Stamp on a pretty faux-woodgrain facade and ship it. Just hope it doesn't get wet.
We don't value polished quality work. As long as it's pretty and it's cheap, that's "good enough".