Updates on the Munich Security Conference 2017 » Source: Munich Security Conference Chancellor Merkel to give speech – President Gauck to receive E... Innovative third party add-on appliance helps MO... » UK: MOBOTIX AG - as part of a strategy to encourage partners to build a higher value solution, MOBOT... SentinelOne named a visionary for second straigh... » PALO ALTO, Calif: SentinelOne has announced it has been positioned by Gartner, Inc. in the Visionary... Send For Help one of the First Organisations ... » Send For Help is one of the first companies to be successfully audited against the latest version of... NATO Secretary General Jens Stoltenberg in a chat ... » Press Conference NATO Secretary General Jens Stoltenberg Good afternoon. We just conducted a goo... Trustis to provide Vormetric Data Encryption Servi... » LONDON, England: Thales has announced that its specialist cryptographic services provider Trustis ha... RiskIQ digital threat detection data indicates a... » London, UK: RiskIQ has released its annual malvertising report which indicates a sharp spike in malv... Ciena implements licensing solution from Flexera S... » Maidenhead, U.K: Flexera Software has announced that Ciena has implemented FlexNet Licensing and Fle... Checkmarx announces Open Beta for Scala Programm... » New York: Checkmarx has announced open beta support of the Scala programming language. The new capab... SERVICE PERSONEL WANT GREATER CHOICE ON WHERE THEY... » Service personnel want greater choice in deciding where they live, according to a survey on what the...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.