On 30 August 2012 08:32, Fabrizio Giudici <[email protected]> wrote:

> On Thu, 30 Aug 2012 08:23:39 +0200, Ryan Schipper <[email protected]>
> wrote:
>
>> The Australian DSD (our version of the NSA) indicated recently that 85% of
>> the incidents they investigated could have been avoided through:
>> - effective patch management (3rd party and OS)
>> - applying the least-privilege principle
>> - implementing application whitelisting
>
> I agree, but Casper has got a point in saying that *now* there's a
> dangerous security hole for which there's no patch and thus the only
> solution is to disable Java. It's obvious that this solution creates
> problems to the reputation of Java. So I hope Oracle will release a fix in
> a matter of *days*. At this point, one will be able to assert that the
> responsibility has been shifted to people that don't apply the patch.
>
> The only refinement to the original Casper's question is a comparative
> one: is really Oracle slower than others? E.g. Apple in the past was
> terribly slow in releasing patches and there were cases in which some big
> security holes related to Java were exposed for a long time.

Isn't that a bit like saying: "Well okay, snails may seem slow, but you only think that because you haven't seen the sloth yet!".

Whether or not anyone else is (or was) just as slow (or slower) is irrelevant. Oracle should be judged entirely on their own merits, or the lack thereof. If you're going to compare them to anything, compare them to the speed of the hackers who'll be exploiting this bug.
