15 messages in net.java.dev.jugs.jug-leaders[jug-leaders] Re: Java 7 0day| From | Sent On | Attachments |
|---|---|---|
| Tobias Frech | Aug 27, 2012 4:55 am | |
| John Yeary | Aug 28, 2012 6:49 am | |
| Víctor Orozco | Aug 28, 2012 8:46 am | |
| Hildeberto Mendonça | Aug 30, 2012 12:34 am | |
| John Yeary | Aug 30, 2012 5:27 am | |
| Víctor Orozco | Aug 31, 2012 3:46 pm | |
| Georges Saab | Sep 1, 2012 11:04 pm | |
| Frans Thamura | Sep 1, 2012 11:19 pm | |
| Mattias Karlsson | Sep 11, 2012 5:51 am | |
| Frans Thamura | Sep 11, 2012 5:56 am | |
| Donald Smith | Sep 11, 2012 6:01 am | |
| Tobias Frech | Sep 11, 2012 9:27 am | |
| Donald Smith | Sep 11, 2012 9:35 am | |
| Toth, Csaba | Sep 11, 2012 12:53 pm | |
| Hildeberto Mendonça | Sep 12, 2012 12:48 am |
| Subject: | [jug-leaders] Re: Java 7 0day | |
|---|---|---|
| From: | Víctor Orozco (caba...@gmail.com) | |
| Date: | Aug 28, 2012 8:46:39 am | |
| List: | net.java.dev.jugs.jug-leaders | |
2012/8/28 John Yeary <john...@gmail.com>
There is an article from ARSTechnica recommending the same thing.
Any comments?
John
____________________________
John Yeary
____________________________ *NetBeans Dream Team* *President Greenville Java Users Group Java Users Groups Community Leader Java Enterprise Community Leader*
For me the main issue is not the security flaw by itself but the image that is giving for Java as the new Flash for exploits because of the lack of an easier mechanism for fast zero day updates or a visible source of information about security flaws and the actions to erase the bugs.
I know that OpenJDK has a bug tracker but I'm a developer that loves Java. In general administrators are more comfortable with a single page with a report talking about this issues and clear realease schedules for the patches where faster is better. I know this point is very debatable but is the way as it is.
In Linux distributions root privilege escalations are more common than the people believes but the difference resides in the fact that you can expect a patch in two or three days (as much) and the idea that I received from the sentence "Oracle has yet to comment on the reports or say when it plans to fix the vulnerability. The next scheduled patch release isn't until the middle of October" is not very comforting. Maybe Oracle have to improve his public relationships concerning to security issues :).
-- Victor Leonel Orozco (tuxtor) - http://tuxtor.shekalug.org