[ISN] Oracle Promises Enterprise Java Security Tweaks

http://www.informationweek.com/security/application-security/oracle-promises-enterprise-java-security/240155912

By Mathew J. Schwartz
InformationWeek.com
June 03, 2013

Java security memo to enterprise IT managers: Better distributed client control capabilities, locked down Java servers and certificate-based controls are coming.

Those three upcoming Java security changes were outlined in “Maintaining the security-worthiness of Java is Oracle’s priority,” a Thursday blog post from Nandini Ramani, who heads Oracle’s Java software development team and is responsible for Java security.

Already, Ramani said Oracle’s Java developers have been practicing better secure development practices, including using more automated security testing tools, using better source code analysis tools, as well as hammering code with homegrown analysis tools designed to eliminate vulnerabilities that might be targeted using code-fuzzing techniques. He also noted that Oracle has refocused resources to help release Java security updates more quickly.

Veteran Java bug hunter Adam Gowdiak, CEO and founder of Poland-based Security Explorations, confirmed via email that Oracle has been responding to bug reports in just days — instead of the weeks it used to take. Gowdiak also rated Oracle’s Java patching speed as “slightly improved,” saying that after Oracle receives a vulnerability report, it’s been issuing a fix about two months later.

[…]



