Friday, June 18, 2021

‘Redesign’ needed to fix Java

Oracle Corp. should adopt a more stringent development process akin to that of Microsoft Corp. in order to deal with patch problems that have been plaguing the Santa Clara, Calif-based software and database management company, according to several security experts.

The United States Department of Homeland Security on January 11 advised computer uses to disable Java plug-ins in their browsers due to a major vulnerability discovered by security researchers some two weeks earlier.

Java issued an emergency security patch to update Java 7 and stop the zero-day exploit. The patch, however, failed to prevent two new vulnerabilities which enable attackers to control computers using the software.

Oracle’s inability to decisively deal with the problem indicates that the company’s security policies are “broken” according to security experts interviewed by Computerworld.com. One of them said it illustrates that Oracle’s three-times-a-year Java patch does not adequately protect the software’s users.

The experts suggested that Oracle adopt something akin to Microsoft’s Security Development Lifecycle. The SDL involves regular code reviews during the development of a product and built-in practices to reduce vulnerabilities during the design phase.

Read the rest of the story here

Would you recommend this article?

0
0

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication. Click this link to send me a note →

Jim Love, Chief Content Officer, IT World Canada

Related Tech News