Login  |  Register  |  Contact

Oracle adopts Trustworthy Computing practices for Java

Okay, I had to troll a bit with that title.

From a piece in SC Magazine:

Oracle formally has announced improvements in Java that are expected to harden a software line with a checkered security past.

Oracle’s post has the details.

Java has been part of Oracle’s Software Assurance processes since it was acquired, but they aren’t as robust as Microsoft’s Trustworthy Computing principles. Not that Oracle is following Microsoft (DO NOT TAUNT HAPPY FUN ORACLE) but there are two specific principles they are moving toward:

  • Secure by design. Instead of code testing and bug fixing, they announced they are moving into stronger sandboxing and fundamental security.
  • Secure by default. Altering existing settings in the product for a more secure initial state.

If they keep on this path and build a stronger sandbox, Java in the browser might make a return just in time for HTML5 to kill it. But hey, at least then it won’t be because of security.

—Rich

No Related Posts
Previous entry: A CISO needs to be a business person? No kidding… | | Next entry: New Google disclosure policy is quite good

Comments:

If you like to leave comments, and aren't a spammer, register for the site and email us at info@securosis.com and we'll turn off moderation for your account.

Name:

Email:

Remember my personal information

Notify me of follow-up comments?