Six Degrees Group educates public sector in cloud ... » LONDON, U.K: Six Degrees Group (6DG) has announced that it is continuing to educate the public secto... Security Industry Authority renews NSI's mandate t... » The Security Industry Authority (SIA) has renewed the National Security Inspectorate’s (NSI) mandate... Goodluck Jonathan: The limits of goodluck » A quintessential fibre of a discerning leader or anybody who aspires to a leadership position is mas... Dimension data launches strategy to help organis... » The rising cost of energy, real estate, and office space, coupled with growing pressure to implement... New learning materials for updated security qual... » A new range of learning resources has been launched by Highfield.co.uk to help educators and learner... UK: Service of commemoration scheduled for Marc... » The Prime Minister David Cameron announced yesterday in the House of Commons that a Service of Comme... Clavister launches entry-level W20 Firewall » Clavister has announced the launch of its new Clavister W20 firewall appliance. The new product is t... Tinubu Risk Management Center to go live in Janu... » Tinubu Square, the trusted source of credit risk solutions for trade credit insurers and businesses,... BAE Systems awarded £50 million contract » Photo: MoD Photo: MoD The Ministry of Defence (MOD) has awarded a £50m contract to BAE Systems t... Octavian opens new office in South Africa » Octavian Security has kicked off its ambitious 2015 growth plans by launching a new South African of...

CLICK HERE TO

Viewpoints Header

In response to the news that Oracle has carried out an emergency security update on Java, Lamar Bailey, Director of Security Research and Development at nCircle has the following comments:

 

Here we go yet again. 2013 has seen a surge of critical vulnerabilities in IE, Java and Ruby on Rails. Attackers are targeting cross platform applications to try to obtain access to as many systems as possible using as few exploits as possible.

Oracle has taken a beating this year on Java. It is good to see they are fixing critical vulnerabilities in a code base they want to quit updating but it is past time for them to get serious and do a deep dive on Java to fix the security issues.

I have always thought Oracle did a good job of securing their products but I am losing some of my faith in them with the rash of Java vulnerabilities. I hope these security problems are not found in their other products. My advice to end users is to remove Java from your system and only install it when is needed to access a business critical application, then if possible run Java in a VM or an isolated environment. This is easier said than done as my Windows box had no less that 4 Java versions with various updates. I hope Oracle will assign a team of their best security engineers to Java to squash any of the remaining security issues. Until then many users will be updating Java as often as they update AV signatures.