Information Security News
mailing list archives
Oracle Promises Enterprise Java Security Tweaks
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 Jun 2013 02:26:30 -0500 (CDT)
By Mathew J. Schwartz
June 03, 2013
Java security memo to enterprise IT managers: Better distributed client
control capabilities, locked-down Java servers and certificate-based
controls are coming.
Those three upcoming Java security changes were outlined in "Maintaining
the security-worthiness of Java is Oracle's priority," a Thursday blog
post from Nandini Ramani, who heads Oracle's Java software development
team and is responsible for Java security.
Ramani said Oracle's Java developers have already adopted better secure
development practices, including greater use of automated security
testing tools and better source code analysis tools, as well as
hammering code with homegrown analysis tools designed to eliminate
vulnerabilities that might be targeted using code-fuzzing techniques. He
also noted that Oracle has refocused resources to help release Java
security updates more quickly.
Veteran Java bug hunter Adam Gowdiak, CEO and founder of Poland-based
Security Explorations, confirmed via email that Oracle has been
responding to bug reports in just days -- instead of the weeks it used
to take. Gowdiak also rated Oracle's Java patching speed as "slightly
improved," saying that after Oracle receives a vulnerability report,
it's been issuing a fix about two months later.