On Sun, 15 Jan 2017, at 05:47 AM, Daniele Terdina wrote:
> > Not sure how you come to that conclusion, I used to work on Java and it
> > goes through a stringent security process.
>
> AFAIK Flash used to be the most vulnerable software (when also taking
> user base into account), but since it lost favor Java has been the top or
> one of the top for a long time.
> See for example:
> http://www.csoonline.com/article/2875535/application-security/java-is-the-biggest-vulnerability-for-us-computers.html
>
> Java is the biggest vulnerability for US computers | CSO
> www.csoonline.com
> Oracle's Java poses the single biggest security risk to US desktops,
> says a new report
>
If you actually read the article, that's because of the huge attack surface of old unpatched Java installations in the world. It is after all written by a company selling their auto-patching software. That's like saying QDOS is really awful because of a bug you found in the AH ROM that was subsequently fixed.

If you notice, the Java NPAPI plugin is pretty much dead now; modern browsers won't even allow you to load it. Unfortunately the one thing we have never managed to work out a fix for in the industry is the wetware that exists between the chair and the keyboard :-(

But the biggest threat at the end of 2016 was most certainly IoT devices; at least two massive botnets were formed from them and those bloody things never get patched.

Graeme
_______________________________________________
QL-Users Mailing List