Information Security News mailing list archives

Oracle Promises Enterprise Java Security Tweaks
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 4 Jun 2013 02:26:30 -0500 (CDT)

http://www.informationweek.com/security/application-security/oracle-promises-enterprise-java-security/240155912

By Mathew J. Schwartz
InformationWeek.com
June 03, 2013

Java security memo to enterprise IT managers: Better distributed client control capabilities, locked down Java servers and certificate-based controls are coming.

Those three upcoming Java security changes were outlined in "Maintaining the security-worthiness of Java is Oracle's priority," a Thursday blog post from Nandini Ramani, who heads Oracle's Java software development team and is responsible for Java security.

Already, Ramani said Oracle's Java developers have been practicing better secure development practices, including using more automated security testing tools, using better source code analysis tools, as well as hammering code with homegrown analysis tools designed to eliminate vulnerabilities that might be targeted using code-fuzzing techniques. He also noted that Oracle has refocused resources to help release Java security updates more quickly.

Veteran Java bug hunter Adam Gowdiak, CEO and founder of Poland-based Security Explorations, confirmed via email that Oracle has been responding to bug reports in just days -- instead of the weeks it used to take. Gowdiak also rated Oracle's Java patching speed as "slightly improved," saying that after Oracle receives a vulnerability report, it's been issuing a fix about two months later.

[...]

