On Thu, 30 Aug 2012 08:23:39 +0200, Ryan Schipper <[email protected]> wrote:

The Australian DSD (our version of the NSA) indicated recently that 85% of
the incidents they investigated could have been avoided through:
- effective patch management (3rd party and OS)
- applying the least-privilege principle
- implementing application whitelisting

I agree, but Casper has got a point in saying that *now* there's a
dangerous security hole for which there's no patch and thus the only
solution is to disable Java. It's obvious that this solution creates
problems for the reputation of Java. So I hope Oracle will release a fix in
a matter of *days*. At this point, one will be able to assert that the
responsibility has been shifted to people that don't apply the patch.
The only refinement to Casper's original question is a comparative
one: is Oracle really slower than others? E.g. Apple in the past was
terribly slow in releasing patches and there were cases in which some big
security holes related to Java were exposed for a long time.
--
Fabrizio Giudici - Java Architect, Project Manager
Tidalwave s.a.s. - "We make Java work. Everywhere."
[email protected]
http://tidalwave.it - http://fabriziogiudici.it