From: blmblm on
In article <87eier66sw.fsf(a)mythtv.grymoire.com>,
Maxwell Lol <nospam(a)com.invalid> wrote:
> "David H. Lipman" <DLipman~nospam~@Verizon.Net> writes:
>
> > As for the Virus Total reports they show just how poorly many Java
> > related trojans and exploits are detected.
>
> Sorry for coming into this discussion late....
>
> Secunia recently released a report.
>
> For those who don't know, Secunia offers a product called psi which is
> free, and checks to see if ANY of your programs have security
> vulnerabilities. It tells you it's time to update your jre, flash,
> etc. I run it on my personal Windows-based computers. As an option, it
> can collect information from a large number of users. Based on that
> information, they summarize their statistics here:
>
> http://secunia.com/gfx/pdf/Secunia_Half_Year_Report_2010.pdf
>
> On page 14 is a chart of the vulnerabilities of 3rd party programs
> ranked by product, and Oracle/sun is ranked as #3.

Nitpicking a bit -- Java specifically, not "Oracle/sun", right?
A person who just reads your post and not the report might think
what's being ranked here is some kind of summary information for
all products made by "Oracle/Sun" [*], which isn't the case.

[*] Which in turn may still be too new a marriage to be regarded
as a single entity with a single reputation?

> So there are many
> Java security issues. More so than Acrobat or Flash. (Although Acrobat
> had more "events") which may be a better indication of the severity of
> the vulnerability.

Yes, the thing I kept wondering in skimming through that report was
"are all of these problems of equal importance?"

The other thing is that this report seems to talk only about
Windows, and one of the problems mentioned upthread seemed
to specifically involve modifying the registry, which makes me
wonder how many of all these problems are cross-platform. I find
it imaginable at least that Sun could be a lot better at writing
secure software for UNIX-like systems than secure software for
other platforms -- I mean, one of their offerings *IS* a UNIX-like
operating system, no?

Still, disappointing/disturbing/something.

> This chart - Table 3 - does show that 89% of the computers running psi
> have Java installed. So there is a large installed base. If it's
> declining in popularity, these numbers don't seem to indicate it.
>
> Acrobat Reader is 91% and Flash is 99%, BTW.
>
> However, I can't believe that the number of vulnerabilities in Java is
> causing Sun/Oracle's decline. Firefox and Safari have more
> vulnerabilities, and that does not seem to affect their popularity.
> And vulnerabilities in flash or acrobat do not seem to affect their
> popularity.
>
> Personally - I think that Oracle/Sun is suffering from a confusion of
> their focus.
>

--
B. L. Massingill
ObDisclaimer: I don't speak for my employers; they return the favor.