Subject: [jug-leaders] Re: Java 7 0day
From: Donald Smith (dona...@oracle.com)
Date: Sep 11, 2012 6:01:52 am
As Georges noted earlier:
The Oracle [security fixing] policy has a bit more nuance than this -- for reference it can be found here:
btw, I am not trying to suggest that the policy is perfect, just to facilitate knowing what it actually is.
I would add that the vulnerability disclosure policy can be found here: http://www.oracle.com/us/support/assurance/disclosure-policies/index.html
I would also echo that I'm not trying to suggest these policies are perfect, but am just trying to facilitate knowing that they exist, and what they are.
We do greatly appreciate any and all constructive feedback and links such as this.
On 11/09/2012 8:52 AM, Mattias Karlsson wrote:
Dear JUG Leaders,
I have tried to keep a calm and balanced view on this topic. Unfortunately that's not the case for the rest of the world... FUD or not... it affects many people. AND not only "Applets" or "plugins". The entire Java Platform... and the growth and acceptance for it.
Today our largest "tabloid" IT magazine woke up and published this LARGE first page... http://twitpic.com/atdzr8
The Experts - "Dump Java" "The Java Platform has serious security issues"
Continued: "Critics storm has recently reached hurricane strength and several security experts advise against companies from using Java" (not applets, Java in general?)
It then continues more with the Security Officer at .SE (largest domain controller in Sweden) "It can be very serious for everybody. We have turned Java off. Problems arise because it is complex software that has been patched and repaired long enough. Personally, I would be happy if Java was abandoned. Unfortunately software companies prioritize to come out with products to market quickly, rather than spending time at safety."
This said by a safety profile! .SE's Safety Manager that has been named the 2012 safety profile of Safety Awards. https://www.iis.se/en/om-se/ses-sakerhetschef-utsedd-till-arets-sakerhetsprofil
What should I do as JUG Leader and Java Champion? Stand up to the newspapers! (for that to happen, I would like some "inside" info on this OR the Java Champions mailing lists... I would like to help and stand up!)
OR at least expect Oracle to at least meet the journalists? "Oracle declined to comment on the criticism" http://translate.google.com/translate?hl=sv&sl=sv&tl=en&u=http%3A%2F%2Fcomputersweden.idg.se%2F2.2683%2F1.465018
Regards, Mattias Karlsson www.linkedin.com/in/mattiask
Jfokus 2013 CfP is OPEN http://www.jfokus.com
i like more bugs publication... and java case is different with windows case, this is a push, to manage it, share how to fix it, or lets the media recommended, remove Java in your desktop, like IE6.
windows is proprietary and closed development
i think that will be better these bugs to become part of OpenJDK rather than Java SDK, and there is a community program to become patch team to fix the bugs.
i believe the bugs will become part of java ecosystem
should we wait for oracle to fix it? how hard is it to fix? are there people that are smart enough out there to fix it?