Experts prod Oracle to fix broken Java security

Take a mulligan, redesign Java, urges one

By Gregg Keizer, Computerworld | Security, Java, Oracle

Even its flexibility has contributed to its security woes. "Java has a ridiculous amount of functionality," said Moore, who blamed its overreach for many of its problems.

His recommendation: Steal a page from Adobe, Google and Microsoft, which have instituted process-level sandboxes, and reduce the number of APIs that untrusted Java applets can access.

Demands that Oracle get a handle on Java security are not new. In mid-2012, before the two Java zero-days that forced Oracle to issue emergency updates, security professionals pointed to a host of problems, from infrequent updates to lax coding, that had pushed Java to the top of the exploit charts.

But even if Oracle heeds these calls, it's in for a long slog, experts warned.

"At the end of the day, Oracle's primary customer is the enterprise," said Moore. "In contrast with companies like Adobe, they are not well-positioned to handle security problems in their consumer products."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer, on Google+ or subscribe to Gregg's RSS feed. His email address is gkeizer@computerworld.com.

Originally published on Computerworld.