37 critical Java holes to be fixed today
From http://h-online.com/-1891593
Quote:
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|
|||
It is kind of funny that people are saying don't run Java because of the security problems with it, yet nobody says don't run Linux because of security problems.
Searching the US-CERT CVE and CCE Vulnerability database for Java and Linux:
Code:
          3-mo  3-yrs   all
Java       108    634  1925
Linux      130    873  4036
For comparison:
Code:
Windows     77   1229  3225
Last edited by gpatrick; 19th June 2013 at 12:05 PM.
|
|||
Everything is insecure at some level.
|
|
|||
No doubt, but is the quantification and severity assessment of the problems so unimportant?
Rather than compare Java to Linux, it would be interesting to compare it to C#. The two runtimes must be very similar. The languages started out only trivially different as far as I can tell, though perhaps they're starting to diverge. The included class libraries are nearly equally immense (and similar?). So if the security record is vastly different it might say something, either about the abilities of the implementers and maintainers, their release and QA process, or about how hard and skillfully the world is looking for flaws.

For another conclusion drawn from Java's horrible record, see here:

"Bjarne: I do not consider it the job of a programming language to be “secure.” Security is a systems property and a language that is – among other things – a systems programming language cannot provide that by itself. C++ offers protection against errors, rather than protection against deliberate violation of rules. C++11 is better at that than C++98, but the repeated failures of languages that did promise security (e.g. Java), demonstrates that C++’s more modest promises are reasonable." -- https://www.informit.com/articles/ar...up&WT.rss_ev=a
|
|||
That to which gpatrick refers is for all reported Linux distributions.
It would be helpful and more informative if the data regarding the patches which worked and the time between the discovery of the holes & patching was displayed. Java can be installed on all systems and can be ported to unsupported architectures and systems using NFS export from a system that has Java support. It would be better to compare Java to Python and Perl than to Linux and Windows. You are right in stating that security problems should be voiced and printed; however, an analogy should be of the same class and type. Peaches to apricots and oranges to lemons - pit fruits compared and citrus fruits compared - rather than apples to oranges, you know?