Experts prod Oracle to fix broken Java security

Take a mulligan, redesign Java, urges one

By , Computerworld |  Security, java, Oracle

Even its flexibility has contributed to its security woes. "Java has a ridiculous amount of functionality," said Moore, who blamed its overreach for many of its problems.

His recommendation: Steal a page from Adobe, Google and Microsoft, which have instituted process-level sandboxes, and reduce the number of APIs that untrusted Java applets can access.

Demands that Oracle get a handle on Java security are not new. In mid-2012, before the two Java zero-days that forced Oracle to issue emergency updates, security professionals pointed to a host of problems, from infrequent updates to lax coding, that had pushed Java to the top of the exploit charts.

But even if Oracle heeds these calls, it's in for a long slog, experts warned.

"At the end of the day, Oracle's primary customer is the enterprise," said Moore. "In contrast with companies like Adobe, they are not well-positioned to handle security problems in their consumer products."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld.

Originally published on Computerworld.