30 minutes to fix Java vulnerability

sonic0002 2012-10-29 11:53:43

On September 25, Adam Gowdiak of the Polish security consulting firm Security Explorations reported a Java security vulnerability to Oracle and provided a proof of concept. The vulnerability exists in Java 5, 6 and 7: once a user visits a site hosting malware, an attacker can remotely control the infected machine.

Gowdiak later got in touch with Oracle again and was told that the fix had reached the final stage and that he could expect the patch in four months. Bear in mind that Oracle has to create 30 more patches for Java and 109 patches for Oracle Database, MySQL and other products. Eventually, unable to bear Oracle's tedious development and testing processes, Gowdiak and his team decided to develop the Java patch themselves. It took them only 26 minutes: the patch consisted only of additions and deletions amounting to 26 characters and did not modify any code logic, so it needs no integration testing.

Why should we wait 4 months for a high-risk vulnerability to be fixed when the fix takes only 30 minutes? Gowdiak hopes that their action will challenge Oracle's position.
