Slashdot Mirror
OpenJDK May Tackle Java Security Gaps With A Secretive New Group (infoworld.com)
An anonymous reader quotes InfoWorld:
To shore up Java's security, a private group that operates outside the normal open source community process is under consideration. The proposed OpenJDK Vulnerability Group would provide a secure, private forum in which trusted members of the community receive reports on vulnerabilities in code bases and then review and fix them... The vulnerability group and Oracle's internal security teams would work together, and it may occasionally need to work with external security organizations.
Due to the sensitive nature of its work, membership in the group would be more selective, there would be a strict communication policy, and members or their employers would need to sign both a nondisclosure and a license agreement, said Mark Reinhold, chief architect of the Java platform group at Oracle. "These requirements do, strictly speaking, violate the OpenJDK bylaws," Reinhold said. "The governing board has discussed this, however, and I expect that the board will approve the creation of this group with these exceptional requirements." If the Java security group is approved, Andrew Gross, leader of Oracle's internal Java vulnerability team, would lead it.
Due to the sensitive nature of its work, membership in the group would be more selective, there would be a strict communication policy, and members or their employers would need to sign both a nondisclosure and a license agreement, said Mark Reinhold, chief architect of the Java platform group at Oracle. "These requirements do, strictly speaking, violate the OpenJDK bylaws," Reinhold said. "The governing board has discussed this, however, and I expect that the board will approve the creation of this group with these exceptional requirements." If the Java security group is approved, Andrew Gross, leader of Oracle's internal Java vulnerability team, would lead it.
I thought Oracle wanted to cut Java free? No?
Oracle wanted to burden someone else with maintaining Java EE, an extended version of Java. This would allow them to do the lesser job of extending Java SE if they so choose and free them from having to bother with security (Who knew security was so complicated? Nobody knew!). Since Java EE is a superset of Java SE, the Java EE maintainers would have clean up the messes Oracle makes when they add features.
Anons need not reply. Questions end with a question mark.
I'm going to set BOTH of you straight:
COBOL JOBS: 1,501
https://www.indeed.com/jobs?q=cobol&l=
JAVA JOBS: 63,769
https://www.indeed.com/jobs?q=java&l=
THIS should give you a general idea of the current market for the language
enter your city to narrow down
Sorry, what exactly is the security issue with Java? Aside from the shitty browser plugin, but that bit's as good as gone these days anyway.